HTCondor Project List Archives

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-devel] BIND_ALL_INTERFACES

Date: Mon, 24 Mar 2008 15:11:05 -0700
From: Derek Wright <wright@xxxxxxxxxxx>
Subject: Re: [Condor-devel] BIND_ALL_INTERFACES

On Mar 20, 2008, at 11:51 AM, Todd Tannenbaum wrote:

I cannot think offhand of any downside....

The only minor downside is that it's *SLIGHTLY* less secure bydefault, since Condor will listen on every interface. In a few rarecases, this isn't what people want. According to the generalprinciple of "secure by default", arguably it's better to have to goout of your way to configure Condor to listen to more networks/ports.

That said, the safety/convenience trade-off here is such that weshould probably just change the default. ;) The difference in actualsecurity as a result of this would be extremely minor, while theusability improvements would potentially be pretty large.

Cheers,
-Derek

References:
- [Condor-devel] BIND_ALL_INTERFACES
  - From: Dan Bradley
- Re: [Condor-devel] BIND_ALL_INTERFACES
  - From: Todd Tannenbaum

Prev by Date: [Condor-devel] Fwd: FreeBSD 64-bit Patches
Next by Date: Re: [Condor-devel] SCHEDD_NAME
Previous by thread: Re: [Condor-devel] BIND_ALL_INTERFACES
Next by thread: [Condor-devel] Fwd: FreeBSD 64-bit Patches
Index(es):
- Date
- Thread