On Tue, Apr 30, 2002 at 10:24:25AM +1000, Tim Johnston wrote: > As a practical matter the security issues you raise aren't of any interest > at all - they are completely irrelevant. > The WHOLE POINT of all this is that is intended for a LOCAL LAN, with > controlled access, and no login access from outside. If that wasn't the > situation, it would probably be inadvisable to use this module. Was > that really not clear from my message ? It was clear that you intended for the module to be used primarily for granting access to users on a local network. It was /not/ clear that you intended for your security model to be totally dependent on the strength of your firewall, which is effectively the case if you don't protect against spoofing DNS to match a tty name. > Incidentally, why do you post your messages as attachments ? My > impression is that plain text is the universal standard of lists and > newsgroups. I would suggest that you consider using a more standards-compliant mail client. Steve Langasek postmodern programmer
Attachment:
pgp00049.pgp
Description: PGP signature
