Marco Gaiarin wrote:
> Hello, Tomasz Chmielewski!
>   On that day it was said...
> 
>> As in 99% cases wpkg.js sits on the remote server, it is by definition 
>> insecure, isn't it?
> 
> It's a point of view...
> 
>> Handling security by something which is hosted on a potentially not 
>> secure machine isn't the best idea - you would never know if it's your 
>> or attacker's wpkg.js.
> 
> Indeed there are some different problems to take care of.
> 
> What I'm speaking about is:
> 
> a) an attacker has no access to the server (indeed, done that we have
>  no more things to speak about... ;), no access to the clients apart
> from one/two to get some knowledge on the system
> 
> b) the attacker wants to take control of all clients (that use WPKG, of
>  course).

Well, perhaps it suffices if WPKG service is started as a domain user, 
or WPKG path uses domain user credentials.

Then, Windows should take care of all security issues for us - no need 
to reinvent anything here, if the operating system already does it?


And Brian - what kind of tests did you really make?


-- 
Tomasz Chmielewski
http://wpkg.org

