Security Basics mailing list archives

Trusting localhost?

From: Craig Minton <CraigSecurity () blazemail com>
Date: Fri, 25 Jul 2003 07:44:43 -0700 (PDT)

If you are creating an application that communicates using TCP, but only
 want to take requests from the localhost, are there reasons why you 
would not want to check that the incoming request is from localhost and 
then trust it?  This is in a Windows environment.  Would IP spoofing 
work if the application was checking for the IP address 127.0.0.1?  If 
so, how likely is it that IP spoofing would work today, in a corporate 
environment?

Thank you for any direction you can provide.



_____________________________________________________________
Fight the power!  BlazeMail.com

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Trusting localhost? Craig Minton (Jul 25)
- Re: Trusting localhost? Birl (Jul 28)
- Re: Trusting localhost? Jude Naidoo (Jul 28)
- <Possible follow-ups>
- Re: Trusting localhost? DownBload (Jul 28)
- Re: Trusting localhost? chris (Jul 28)
  - RE: Trusting localhost? David Gillett (Jul 28)