
RE: [dvd-discuss] Hang the RIAA in their own noose.

> -----Original Message-----
> From: Jeme A Brelin [mailto:jeme@brelin.net]
> Sent: Wednesday, October 17, 2001 9:22 PM
> To: 'dvd-discuss@eon.law.harvard.edu'
> Subject: RE: [dvd-discuss] Hang the RIAA in their own noose.
> 
> 
> 
> On Wed, 17 Oct 2001, Richard Hartman wrote:
> > > @!@!@! No. About 99.99% of the stuff on my web server is intended only
> > > for me to access it. Most of it is various documentation of a
> > > half-dozen programming languages and other mirrors&data. If anyone
> > > else accesses it, they are either a cracker, or they are exploiting a
> > > misconfiguration. None of that data is intended for public access.
> > 
> > Then you should configure your server to use a non-standard port.
> > There are thousands of numbers available, pick one other than 80.  By
> > using the standard port number, you are essentially stating "this is
> > for general access".  By picking any other number, someone could
> > certainly find it by port scanning but you'd have a better case
> > against them for electronic trespass.
> 
> You're under the mistaken impression that a web server allows access to
> anyone.
> 
> He can offer web services on port 80 and still have them password
> protected or only allowing connections from certain hosts.
> 

No, not really a mistaken impression.  There are certainly
other ways to protect access than obscurity (which is not
even the best way).  But he is arguing the opposite: just
because it is open and on port 80 does not mean that I grant
any-and-everybody permission to that data.  I am saying that
by setting up the information server on the standard port and
without other protection, he _is_ implicitly granting such
permission.

-- 
-Richard M. Hartman
hartman@onetouch.com

186,000 mi./sec ... not just a good idea, it's the LAW!