4736Re: [decentralization] uServ project
- Dec 3 6:59 AMDuring uServ login, a client provides an authenticating password, after
which a unique "cookie" is assigned to establish a session. This cookie
has to be presented to the coordinator with the appropriate instructions
by a client before the coordinator will activate any proxy to accept
connections on its behalf. Similarly, the coordinator will only activate
replicas for which the client has listed as authorized replicas for his
site. So there is no way for another client to spoof being a proxy or
replica unless they've sniffed the client's session cookie or stolen the
Hugh Pyle wrote:
> Very interesting. One comment -
> What measures are in place to secure the system against spoofing (eg.
> of the "replica" or "proxy" function)? Although you discuss security
> in the paper, a major attack point not discussed would be to trick the
> controller into believing that your target is offline or firewalled
> and that you are their proxy.
> > uServ is a project at IBM which exploits P2P techniques to provide a
> > reasonable alternative to paid web hosting services for a wide class
> > users.
> To unsubscribe from this group, send an email to:
> Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
- << Previous post in topic Next post in topic >>