On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote: > On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel <lists@xxxxxxxxxxxx> wrote: > > When there really is a requirement that the external server allows > only a single address to access it and that can't be changed, you > could resort to using a proxy. > What is typical or reasonable for source address restrictions? To dispose of them; they are hopelessly pointless. If you want to authenticate the source use PKI. I know they exist and have personally had to deal with them. That doesn't imply they make any kind of sense. > That > is, if there are 2 global organizations, and one wants to increase > the security on access to a service by limiting to the source > addresses that might come from the other, is there a sane way to > specify it, and to make the application use those addresses at the > right times if the interface has others? If two organizations want to communicate, exclusively and privately, with each other they should establish a tunnel.
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
