On Tue, 17 Apr 2001, Stefan Zier wrote:

> > ...but if you're going to use TCP for RPCs, for God's sake don't use port
> > 80; that's for transferring hypertext. We have 65,000 or so port numbers
> > to choose from. If we use different port numbers for different things,
> > firewall administrators can make networks secure by controlling what does
> > and doesn't get let through. If Web browsing and RPCs all go over the same
> > port, then it's hard to disallow or control RPCs without affecting web
> > browsing.
>
> It's a cat and mouse thing: more and more applications use port 80/HTTP
> because firewall admins only allow web browsing. In return, firewall admins
> move towards application level firewalls (aka proxies) instead of simple
> packet filters. So in the end, both writing applications that are supposed
> to go through firewalls and firewalls that disallow these applications
> become more and more complex and, in general, a bit of a pain.

It's a generalized thing. Security is good until it becomes enough of a pain in normal operation that people start routinely circumventing it. The classic example is 'change password' routines that only allow login passwords that are difficult to guess - but impossible to remember. So people put them on sticky notes on their monitor. I've even seen them programmed into the 'Fn' keys on a keyboard.

Hence 'WebMail', 'WebFTP', 'WebRPC', ....

Ultimately, it isn't a technical issue but a people one. You have competing interests needing to be satisfied - the interest in a secure IT infrastructure and interest in getting people's jobs done efficiently.

--
Benjamin Franz
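The packet-filter versus application-level-proxy distinction the quoted reply draws, as an added example (Python, not from the original list message; the sample flows and the hypothetical RPC framing are constructed):

```python
"""A port-only packet filter sees just 'TCP to port 80' and cannot tell web
browsing from an RPC tunnelled over the same port; a proxy that parses the
start of the stream can. Added illustration; sample flows are constructed."""
import re

# HTTP/1.x request line: METHOD SP Request-URI SP HTTP/1.x CRLF
_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n"
)

def port_filter_verdict(dst_port: int, allowed_ports=(80, 443)) -> str:
    """What a stateless packet filter can decide: destination port only."""
    return "allow" if dst_port in allowed_ports else "deny"

def looks_like_http(payload: bytes) -> bool:
    """Does the start of the client's stream parse as an HTTP request?"""
    return _REQUEST_LINE.match(payload) is not None

def proxy_verdict(dst_port: int, payload: bytes) -> str:
    """What an application-level firewall can decide: port AND protocol."""
    if dst_port != 80:
        return port_filter_verdict(dst_port)
    if looks_like_http(payload):
        return "allow"
    return "deny: non-HTTP traffic on port 80"

# Constructed sample client-to-server flows, all to port 80.
SAMPLE_FLOWS = {
    "browser": (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    # Hypothetical binary RPC framing pushed onto port 80 to pass the filter.
    "binary_rpc": (80, b"\x00\x00\x00\x2a\x01RPC\x00\x07getUser"),
    # Hypothetical line-oriented RPC protocol on port 80.
    "custom_text": (80, b"RPC-CALL getUser id=42\n"),
    # RPC wrapped in a syntactically valid HTTP POST ('WebRPC').
    "rpc_over_http": (80, b"POST /rpc HTTP/1.1\r\nHost: www.example.com\r\n"
                          b"Content-Type: text/xml\r\n\r\n<methodCall/>"),
}

def compare(flows=SAMPLE_FLOWS):
    """Return {flow name: (packet-filter verdict, proxy verdict)}."""
    return {name: (port_filter_verdict(port), proxy_verdict(port, data))
            for name, (port, data) in flows.items()}

if __name__ == "__main__":
    for name, (pf, px) in compare().items():
        print(f"{name:14s} packet filter: {pf:6s} proxy: {px}")
```

The last flow shows the escalation the reply describes: once the RPC is wrapped in a well-formed HTTP request, a request-line check passes it too, and the proxy has to look further into the message (method, content type, body) to separate it from browsing.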