Security Concerns

Forum to discuss the DonkeyFire Mozilla Firefox extension (MLDonkey integration).

Security Concerns

Notapor buanzo el Mar Feb 26, 2008 8:57 pm

I'm aware of a few security concerns among a couple of DonkeyFire users. Namely, how I'm managing username/password storage.

As this extension was intended for private usage only, I didn't care much (I access my MLDonkey via VPN to a remote location, and the username/password I use were created specifically for that purpose).

But, truth be told, some of my friends requested that I released it publicly. And that's how donkeyfire.mozdev.org and this forum were born.

I recomend that, while I implement a better approach (which is not only a matter of nsIPasswordManager, but a little bit more ocmplicated given my XPath requirements), you implement a similar approach:

* If you run MLDonkey locally only, set a unique password for the admin account. Something unique, really. And make it listen on 127.0.0.1 only.
* If you run MLDonkey remotely, try to make it listen over 127.0.0.1 and a VPN interface only. Same password recommendations.
* If you run MLDonkey remotely, and cannot / don't know how to make it work over a VPN, I can sell you my services! Now really: at least firewall it, or run it over SSL via mod_proxy (John, if you read this, we could all make use of a HOWTO, won't you post one?).

Yours,
Buanzo.
Avatarde Usuario
buanzo
Administrador
 
Posts: 673
Registrado: Sab Dic 09, 2006 11:17 am
Ubicación: Buanzonia (ok, Florida, Buenos Aires)

Security Concerns

Sponsor

Sponsor
 

Re: Security Concerns

Notapor john_doe el Jue Feb 28, 2008 7:38 am

* If you run MLDonkey remotely, and cannot / don't know how to make it work over a VPN, I can sell you my services! Now really: at least firewall it, or run it over SSL via mod_proxy (John, if you read this, we could all make use of a HOWTO, won't you post one?).


Of course. Let me put my fingers on it. By the end of the day should be ready... 8-)
A veeer...
homer@head:~# ln -s /dev/null /dev/brain
homer@head:~# doh!
bash: doh!: command not found
Connection to head closed.
Avatarde Usuario
john_doe
Amigo del Jefe
 
Posts: 133
Registrado: Dom Ene 07, 2007 11:44 am

Re: Security Concerns

Notapor buanzo el Jue Feb 28, 2008 10:53 am

Great, thanks buddy!
Avatarde Usuario
buanzo
Administrador
 
Posts: 673
Registrado: Sab Dic 09, 2006 11:17 am
Ubicación: Buanzonia (ok, Florida, Buenos Aires)


Volver a Buanzo's DonkeyFire

¿Quién está conectado...?

Usuarios navegando este Foro: No hay usuarios registrados visitando el Foro y 0 invitados

cron