[
Lists Home |
Date Index |
Thread Index
]
- From: "Alexander Falk" <falk@icon.at>
- To: "Bob Kline" <bkline@rksystems.com>
- Date: Sat, 13 May 2000 08:51:56 +0200
Hi Bob,
I will certainly have our engineers look into this on Monday. Could you
please send information on what sort of firewall product you are using to us
at mailto:beta@xmlspy.com so that we can try to reproduce this behavior or
contact the firewall vendor.
If you are using a personal-style firewall (i.e. one installed on your local
machine) this question may simply be one that is always asked when a
software sends any _broadcast_ packet. As I explained in my last message,
ICComNet is sending a couple of UDP broadcast datagrams upon startup -
normally such packets are not routed beyond the local network segment, so
I'm rather curious why your firewall should pose this question at all.
Anyway, I should add one technical detail regarding ICComNet and firewalls,
that is also contained in the new online help system and printable manual
for the release version: the TCP and UDP port numbers used by ICComNet are
2799, which is the icon-discover protocol port number assigned to us by the
IANA (see http://www.isi.edu/in-notes/iana/assignments/port-numbers for
details). We have registered our own protocol for two simple reasons:
a) port numbers in this "registered ports" range are typically blocked by
the default setup of firewalls, except if they are allowed on purpose.
Therefore, our use of this protocol should not be posing any security risk,
as it will be well isolated by any reasonably configured firewall.
b) as the recent discussion regarding the security implications of SOAP or
XML-RPC makes clear, piggypacking some new and totally distinct
functionality onto a well known protocol is neither politically correct,
nor, perhaps, a good idea at all.
Sincerely,
Alexander Falk
... Icon Informations-Systeme GmbH
... ALEXANDER FALK
... President, CEO
... http://www.icon.at/falk
----- Original Message -----
From: "Bob Kline" <bkline@rksystems.com>
To: "Alexander Falk" <falk@icon.at>
Cc: <xml-dev@xml.org>
Sent: Friday, May 12, 2000 11:02 PM
Subject: Re: XML Spy and ICComNet
> Thanks for addressing the concerns about your product. However, you may
> have another bug that you're unaware of, because as soon as I started up
> the software, I got separate questions from my firewall, asking first if
> I wanted to allow the software to connect with the internet and then
> (after I said "No" to the first question) whether I wanted to allow it
> to connect the the local network. For software that only attempts to
> connect to hosts on the local network the firewall does not ask the
> first question, so your product may be attempting to do more than you
> think it is. (I also got a third question, asking if I wanted to allow
> the software to act as a server. Another "No.")
***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************
|
