Re: [GnomeMeeting-devel-list] ILS, big problem

[Damien Sandras <dsandras seconix com>]

Le lun 13/10/2003 à 18:30, PUYDT Julien a écrit :

> > We have anyway 3 solutions :
> > - when the server receives a register request, it rejects it if the port
> > is inaccessible
> 
> Well, the client does the request, you make another: it's not secure.
> 

Why isn't it secure?


> > - run a script and ban all misconfigured people
> 
> Easier on the server, but will people know why?
> 

We can have a specific ban message. However, running such a script on
200 IP's easily takes 2 to 3 minutes. During that time, other
misconfigured people can register.


> > - if the user is registered to ILS.seconix.com, GM checks of it is
> > reachable from the outside through seconix.com, if not, it displays a
> > popup and unregisters the user from ILS.
> 
> What you mean is: gm asks the server to test?
> 

When starting, GM asks to a php script to test if the port is reachable
or not. 

> If so, it is bad, since the decision to make a test now is on the client
> end (the untrusted one), and not on the server's end (the trusted one).
> And: it is as heavy as the first solution.
> 

Not really, it is only 1 HTTP request each time a client that registeres
to ils.seconix.com is started. The HTTP server will easily handle many
requests at a time, but the ILS server will certainly go down.

Of course, people could disable that test, but most people will simply
fix their configuration.

The first 1 is 200 ILS requests every x minutes.

> > The last solution seems perhaps the best and the most confortable for
> > the server.
> 
> I would say none of these fit...
> 
> Snark
> 
> _______________________________________________
> Gnomemeeting-devel-list mailing list
> Gnomemeeting-devel-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnomemeeting-devel-list
-- 
 _	Damien Sandras
(o-	GnomeMeeting: http://www.gnomemeeting.org/
//\	FOSDEM 2003:  http://www.fosdem.org
v_/_	
	H.323 phone:  callto://ils.seconix.com/dsandras seconix com