Garrett D'Amore wrote:
> Frank Che wrote:
>>
>> 4.2 Security concerns:
>>     Security becomes a concern when synchronizing files across a network. Unison
>>     provides two methods for communicating between the client and the server:
>>
>>     * Remote shell method: To use this method, you must have some way of
>>     invoking remote commands on the server from the client's command line,
>>     using a facility such as ssh. This method is more convenient and also more
>>     secure (especially if you use ssh).
>>
>>     * Socket method: This method requires only that you can get TCP packets
>>     from the client to the server and back.
>>     The socket method is insecure: not only are the texts of your changes
>>     transmitted over the network in unprotected form, it is also possible for
>>     anyone in the network to connect to the server process and read out the
>>     contents of your file system! The socket method is provided only for
>>     expert users with specific needs; everyone else should use the remote
>>     shell (ssh) method.
> I presume that if there is a server here, it is not enabled by default?  
> Can you confirm, does this project adhere to the Secure By Default rule?
> 
> If there is a server, how is it administered, if at all?

I hope (and assume) that Solaris will deliver unison so that it can be 
invoked by a remote shell and not configure the "socket method" server 
at all. This allows the remote peer to run just for the lifetime of the 
sync operation, just like scp or rsync. There's not much need for a 
listening server unless you don't have a remote shell mechanism like ssh.

        Scott

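An added example, not part of the thread and not code from the Unison project: a small POSIX shell policy wrapper that refuses `socket://` roots so only local paths and the ssh remote-shell method are ever used, plus a helper that flags a running `unison -socket` server in `ps`-style output. The root syntaxes (`ssh://host//path`, `socket://host:port/path`) and the `-socket` flag follow the Unison manual; the function names and the sample process lines are constructed for this example.

```shell
#!/bin/sh
# Policy: allow local paths and ssh:// roots, refuse the socket method.

# Return 0 if ROOT is acceptable, 1 otherwise.
root_is_allowed() {
    case "$1" in
        socket://*) return 1 ;;   # plaintext, unauthenticated transport
        ssh://*)    return 0 ;;   # remote shell method over ssh
        *://*)      return 1 ;;   # any other scheme is not permitted here
        *)          return 0 ;;   # local filesystem path
    esac
}

# Check every root given; report the first rejected one and return 1.
check_roots() {
    for r in "$@"; do
        if ! root_is_allowed "$r"; then
            printf 'refusing root %s: use ssh://user@host//path\n' "$r" >&2
            return 1
        fi
    done
    return 0
}

# Run unison only when every root passed the policy check.
unison_safe() {
    check_roots "$@" || return 1
    unison "$@"
}

# Read ps-style lines on stdin and print those that are a unison process
# started in socket-server mode ("unison -socket PORT"); prints nothing
# and still returns 0 when there is no such process.
list_socket_servers() {
    grep -E 'unison[[:space:]].*-socket' || true
}

# Example run (constructed process listing; ps -ef would be the real input).
printf '%s\n' \
    '  101 ?  Ss  0:00 /usr/bin/unison -socket 50000' \
    '  202 ?  S   0:01 ssh backup.example unison -server' \
    | list_socket_servers
```

Pipe `ps -ef` into `list_socket_servers` on a host to confirm no socket-mode server was left listening.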