On Thu, May 06, 1999 at 12:15:16PM +0200, Bart van Kaathoven (DSN) wrote:
> Hi,
>
> The problem however is that mydomain.com contains a LOT of ip-ranges which
> makes it unrealistic to add all the ip-ranges. Previously when using
> tcpserver 0.50 there was a patch which allowed dns-based access control, is
> there such a patch for ucspi-tcp-0.80 ?
There's no security in using domain names for access control, since reverse
mapping of names can be spoofed easily.
If someone controlled the reverse mapping for a range of IP addresses and knew
your domain name, he could make one of his addresses reverse map to a name in
your domain and gain access you don't want him to have.
Chris
