Hi,
On Aug 23, 2008, at 5:21 PM, Dirk Meyer wrote:
> UPnP is a working choice, but bad. Just google for it. Since it is based on HTTP, attackers found a way to open ports on your router.
Having an open TCP port is not necessarily a security risk. It only becomes a security risk if the server that listens to that port has security problems.
Don't blame open TCP ports for the mistakes of server programmers.
> Besides that, I do not like the idea that every app can open ports.
Well, how are they supposed to accept connections? And please don't mention rfc2549 :).
Really, I think you should get used to it. With IPv6 (and yes, I'm a believer :) ) you will (or at least I hope you will) lose that NAT security barrier that we have all grown so fond of, and the responsibility of server software implementations will be much, much greater. Personally, I think we will get user-level firewall APIs: you negotiate a Jingle session with your peer and then open the necessary ports with a source filter.
But getting back to our topic: you get to authenticate and check certificates on those open TCP connections. If you don't trust that, our protocol is flawed.
best regards,
--
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: [EMAIL PROTECTED]
Use XMPP!
