On 03/07/07 08:57, Casper.Dik at Sun.COM wrote: >>I think you'd be far safer binding the socket to 127.0.0.1 by default; >>relying on gethostbyaddr() to only return "localhost" for a loopback >>address doesn't strike me as particularly clever. > > getpeerucred() in S10+ and verifying that the call comes in from a local > zone is an airtight way.
I think that'll still show the port as open to portscanners, not? Binding to 127.0.0.1 seems a lesser call generator. Joep
