OK, I understand. But it's not easy for users to separate good from
faked freenet clients.

Maybe all clients should sign their binary code in the jar file to
ensure it's unchanged. And maybe there is some way to provide a
certificate to the node. Then the freenetproject people could check
the code of client apps and give them a certificate that is hardcoded
in the freenet node. Only apps that have this certificate are allowed
to connect to the node if the user configured the "high security
mode".
Updating the node together with new clients is not too much work and
is acceptable for users.

I don't know about the details of signed Java code...

Maybe this would be a good item for the todo list (on bugs.freenetproject.org)?

On 11/1/06, toad <toad at amphibian.dyndns.org> wrote:
> You are wrong. Anyone with access to FCP can already:
> - Upload arbitrary files which the node can access.
> - Read your node reference, your peers and your config
> - Add or remove peers
> - Change config options
> - Write to arbitrary non-existent files which the node can access
>
> It has been suggested that a simple password or a full
> username/password login might be useful. Nothing was ever really agreed
> or implemented.
>
> So be careful who you let have FCP access!
>
> On Wed, Nov 01, 2006 at 07:36:48PM +0100, bbackde at googlemail.com wrote:
> > Is it true what I see, is each FCP2 client now able to retrieve the
> > private DSA key from the node, the key that uniquely identifies your
> > node???
> >
> > Do you think this is a nice feature? Someone could hack some existing
> > open source application, provide them to some incautious users and
> > send their private DSA key to some big brother for analysis???
> >
> > I don't want to accept this without an important reason. I have no
> > idea what a client could do with this private key, except to send it
> > to some big brother.
> >
> > Or am I wrong?