I recently added SOCKS 5 client support to CGIProxy, and it can now act as a front-end to a Tor client on the same machine. I hear this isn't recommended, but I'm trying to find out any specific security risks of doing so, so I can address them. Can you think of any risks? Why is this setup not recommended?

This might be useful to give a clientless interface to the Tor network, if a user can't or doesn't want to install anything on their browsing machine (e.g. Internet cafes, fear of malware). Using the Tor Browser Bundle isn't an option in these situations.

I know SOCKS 5 is insecure without GSSAPI, but if both ends of the SOCKS 5 connection are on the same machine, is there any risk? Are there tools that can spy on local connections?

I'm always interested to hear of any other security risks with CGIProxy too. For the record, it safely supports JavaScript and Flash, and prevents any direct connection between the user and the destination server. The next release supports and uses the Content-Security-Policy: header to ensure that, on top of what the program already does.

Thanks for any thoughts. No idea too small. Links to other discussions welcome.

Cheers,
James

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
