[Csync2] Public cluster -- Letting a pre-shared key escape
Andreas J. Koenig
andreas.koenig.gmwojprw at franz.ak.mind.de
Sun Apr 16 11:22:09 CEST 2006
>>>>> On Sat, 15 Apr 2006 08:43:00 +1000, "Michael Mansour" <mic at npgx.com.au> said:
> Just to add my 1 cent, spoofing is impossible if the hostnames are contained
> in the /etc/hosts file (and nsswitch looks there first). Is this a problem to
> have in your setup?
Were this setup secure enough, we could omit the storing of SSL
certificates altogether:)
Currently I prefer the option to write the certificate directly to the
database similar to the way I described in my latest posting to this
list, and as far as I can see, it seems to work reliably and I cannot
see security holes left open by this setup.
--
andreas
More information about the Csync2
mailing list