Hosting Provided By

Trusting localhost?

This message: [ Message body ] [ More options ]

Related messages: [ Next message ] [ Previous message ] [ Next in thread ] [ Replies ]

From: Craig Minton <CraigSecurity(at)blazemail.com>
Date: Wed Jul 23 2003 - 17:16:13 EDT

If you are creating an application that communicates using TCP, but only want to take requests from the localhost, are there reasons why you would not want to check that the incoming request is from localhost and then trust it? This is in a Windows environment. Would IP spoofing work if the application was checking for the IP address 127.0.0.1? If so, how likely is it that IP spoofing would work today, in a corporate environment?

Thank you for any direction you can provide.

Fight the power! BlazeMail.com Received on Mon Jul 28 12:23:58 2003

This message: [ Message body ]
Next message: Gerard Vignes: "Re: Trusting localhost?"
Previous message: averas(at)larc.usp.br: "Revelation, snitch, openPass - Part 2"
Next in thread: Felipe Franciosi: "Re: Trusting localhost?"
Reply: Felipe Franciosi: "Re: Trusting localhost?"
Reply: Gerard Vignes: "Re: Trusting localhost?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT