[email protected] said: > On Tue, Sep 7, 2010 at 10:11 AM, Martin Sustrik <[email protected]> wrote: > > > I've added the logging mechanism to the trunk (sys://log). > > > > Having that in place, the offending connection should be dropped and the > > fact should be logged. > > Is there any way to stop asserting, in maint? These two assertions in > effect allow clients to DoS a service. The offending connection can > be dropped silently, it's better than crashing the service.
This is mainly a problem for services connected to the public Internet, much less for installations running on private Intranets. Given that the 0MQ code has not bee through any kind of security audit (however formal/informal that may be) we should not be claiming that 0MQ 2.0.x is in any way suitable for deployment of Internet-connected services. The FAQ entry regarding security should be updated to explicitly state this. Now, as for 0MQ 2.1.x, I think we're getting to the point where putting in effort for making 0MQ suitable for deployment on the global Internet or other untrusted networks is worthwhile. However, this does need to be done systematically. Martin, this means that from a network point of view we should follow the well known principle of "be conservative in what you send, and liberal in what you accept". It should not be possible to crash 0MQ from the network side. This is an area that interests me so I am willing to put in effort to move us in this direction, but IMO it's definitely 2.1.x work, or possibly even 2.2.x depending on how quickly we stabilize 2.1. -mato _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
