> In theory, yes. It depends on whether the newsreader listens
> only on localhost (as it ought to, IMO) and how smart the firewall is.
> (As an example: On Windows, Mozilla uses a pair of local TCP
> sockets to manage some interprocess communication. This used
> to trigger ZoneAlarm's "program is requesting server rights"
> alert, despite the sockets being bound to 127.0.0.1. For the curious,
> http://bugzilla.mozilla.org/show_bug.cgi?id=100154 has details.)

That ZoneAlarm screws it up is not exactly a ringing endorsement of the idea
of managing local ports. ZA has been such a horrible mess of screwups that
I find it's more trouble than it's worth most of the time.

An app can and, as you suggest, should control what IP address it listens
on. Most of the time there's not much reason to be listening to these
requests from other IP addresses. However, I use an aggregator on another
machine (it's a horrible resource pig) and access it via HTML from another
box. The 127.0.0.1 links won't work, of course, but I'd still like to 'push'
them over to that box. I've got a tiny .Net app that does this. So I'd
need my remote aggregator to understand how to listen on more than just the

Fortunately XPsp2 does allow limiting what subnets can access a given port.
So you can go into its configs and select whether it's just localhost, the
local subnet, others or everything. This is a NICE new feature in XPsp2.

As a developer myself I can understand how the complexities of secure
programming are a pain in the ass. It's often a lot easier to just 'get it
running' and leave out security issues. Sometimes it's hard enough just
getting the code to WORK! But fortunately more people are starting to
understand why security needs to be 'baked in' from the start. Let's hope
the various apps get updated to handle it. This as opposed to the whiners
bitching about sp2 being at fault.
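
Added example, not part of the original message or of any application it mentions: a listener that picks its bind address from a configured scope and re-checks each peer against that scope, mirroring the localhost / local subnet / everything choice described above. The scope names, the function names and the 192.168.1.0/24 subnet are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample LAN; substitute the subnet the listener really serves.
LOCAL_SUBNET = ipaddress.ip_network("192.168.1.0/24")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Hypothetical scope names modelled on the choices the post lists.
SCOPES = {
    "localhost": [LOOPBACK],
    "subnet": [LOOPBACK, LOCAL_SUBNET],
    "any": [ipaddress.ip_network("0.0.0.0/0")],
}


def bind_address(scope):
    """Loopback-only scope never opens a socket on an external interface."""
    if scope not in SCOPES:
        raise ValueError("unknown scope: %r" % scope)
    return "127.0.0.1" if scope == "localhost" else "0.0.0.0"


def peer_allowed(peer_ip, scope):
    """True when the connecting address falls inside the configured scope."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in SCOPES[scope])


def open_listener(scope, port=0):
    """Create a TCP listener bound as narrowly as the scope permits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_address(scope), port))
    srv.listen(5)
    return srv


def accept_one(srv, scope):
    """Accept one connection; drop it if the peer is outside the scope.

    The application-level check matters for the wider scopes, where the
    socket is bound to all interfaces and the bind address no longer
    filters anything by itself.
    """
    conn, (peer_ip, _port) = srv.accept()
    if not peer_allowed(peer_ip, scope):
        conn.close()
        return None
    return conn
```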