>AuthHosts "-:+127.0.0.1" listens on all adaptors and rejects connections
>from any external address other than 127.0.0.1. LoopbackOnly only listens
>on the loopback adaptor, so the only possible address of a connecting
>connection is 127.0.0.1. They are not the same thing.
In particular, they are not the same thing because originating IP addresses
can be faked, so someone could connect from an external machine but claim
to be coming from 127.0.0.1. The stream nature of the connection would
still allow traffic to flow back to the perpetrator. But if a server only
listens on 127.0.0.1, it can't ever hear such a falsified connection.
At least, my security paranoid friends assure me that this is possible...
If it turns out they've been lying to me for the last several years, please
try to limit the flamage, because I am very sensitive to heat ;-)
Mac
_____________________________ /"\
Mac Reiter \ / ASCII Ribbon Campaign
Nomadics, Inc. X Against HTML Mail
[EMAIL PROTECTED] / \ (To join the campaign, simply use
this in your signature.)
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
