mailing list archives
General security question
From: TDyson () sybex com
Date: Sat, 11 Nov 2000 08:08:01 -0800
We are getting ready to do business with a remote warehouse. We will send
them order details, they will ship the order and send us back shipping
We'll be using a VPN, I have no idea what security they have at the other
We are debating communication protocols: sockets connection or ftp. We can
send data server to server via a sockets connection, with a custom listener
at either end. The listener would be a very dumb daemon that only
understood a limited protocol.
The other option is to drop the messages to a text file and ftp them to a
3rd server. That 3rd server would be locked down pretty tightly. With the
ftp scenario, no outside party touches my accounting server directly.
It seems to me that the ftp option has inherently lower risk, but I can't
convincingly explain why to other people on the project. They say, "Hey it
is a dumb daemon, not even a telnet session, so what could possibly be sent
to it to hurt the accounting server." Um, ah, that sounds like a gross
simplification to me.
Am I wrong, or can somebody give me a list of potential security problems
on the socket connection?
Director of Information Services
firewall-wizards mailing list
firewall-wizards () nfr com
- General security question TDyson (Nov 12)