HTCondor Project List Archives



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-devel] BIND_ALL_INTERFACES




On Mar 20, 2008, at 11:51 AM, Todd Tannenbaum wrote:

I cannot think offhand of any downside....

The only minor downside is that it's *SLIGHTLY* less secure by default, since Condor will listen on every interface. In a few rare cases, this isn't what people want. According to the general principle of "secure by default", arguably it's better to have to go out of your way to configure Condor to listen to more networks/ports.

That said, the safety/convenience trade-off here is such that we should probably just change the default. ;) The difference in actual security as a result of this would be extremely minor, while the usability improvements would potentially be pretty large.

Cheers,
-Derek