On Tue, Sep 7, 2010 at 10:31 AM, Martin Lucina <[email protected]> wrote:
> This is mainly a problem for services connected to the public Internet, > much less for installations running on private Intranets. Yes, right. On private Internets this situation is more likely due to misconfiguration or network issues than to bad clients. I believe issue 36 is related though, and that asserts when trying to do a failover. > Given that the 0MQ code has not bee through any kind of security audit > (however formal/informal that may be) we should not be claiming that 0MQ > 2.0.x is in any way suitable for deployment of Internet-connected services. > The FAQ entry regarding security should be updated to explicitly state > this. It would IMO be very unwise to encourage people to use 0MQ over the Internet since it has zero security and no obvious hooks for adding that. However as long as it's possible to crash a server from the network, people won't even start to explore this IMO. In fact for a fair amount of Internet use, an insecure protocol is fine if it's not being used for sensitive data. Think irc. I think this was also where AMQP got first used outside the LAN. > Martin, this means that from a network point of view we should follow the > well known principle of "be conservative in what you send, and liberal in > what you accept". It should not be possible to crash 0MQ from the network > side. +1. Assertions should never be used in response to bad data from the outside world, their reason for existence is to self-destruct a program that is internally inconsistent. > This is an area that interests me so I am willing to put in effort to move > us in this direction, but IMO it's definitely 2.1.x work, or possibly even > 2.2.x depending on how quickly we stabilize 2.1. I'd expect business use over the Internet won't be realistic until 3.x or even later because it requires some kind of answer to the question of security, and that affects both the API and the wire level protocol. Of course one can tunnel 0MQ over ssh or maybe HTTP but that's not really answering the question at all. - Pieter Hintjens iMatix - www.imatix.com _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
