Re: PPP Control
Re: PPP Control
- Subject: Re: PPP Control
- From: Christian Brunschen <email@hidden>
- Date: Tue, 10 Jun 2003 10:22:28 +0200 (MEST)
On Mon, 9 Jun 2003, Joshua Orr wrote:
[ alas I don't seem to have the complete attribution history. Check the
list archives if you really need to. ]
>
>>>> I am using it to dial a number that9s I want to keep hidden. I have
>
>>>> succeeded in getting it to dial and not leave any record of it
>
>>>> except in the
>
>>>> Connection Log in the Internet Connect application.
>
>>>> Is there any way to tell the PPP daemon to not log down a particular
>
>>>> dial,
>
>>>> or is there any way I could get rid of the log entries using my
>
>>>> Cocoa app?
>
>>>
>
>>> It's a bad idea to do this.
>
>>>
>
>>> Why would you want to hide the fact that your app is using the
>
>>> telephone line from the user? The telephone line is a resource which
>
>>> costs the user $$$ ... so, you hiding the fact from her, is a bad
>
>>> thing.
>
>>>
>
>>> I can think of only one reason you would want to do this: nefarious
>
>>> XXX dial-back software $$$-making scam scheme.
>
>>>
>
>>> That's not the sort of software project I'd like to help, and I hope
>
>>> nobody else wants to help write that sort of software, either ...
>
>>
>
>>
>
>> You obviously can't think very well, can you? Please don't assume
>
>> something
>
>> like this, especially when there is a good reason.
>
>>
>
>> If you really want to know, the reason is that I have a 1-800 number
>
>> dial up
>
>> point for people to easily signup for an ISP service. I would rather
>
>> keep
>
>> this 1-800 number a secret to help avoid abuse.
>
>>
>
>> The user knows that the modem is dialing, I would just like to keep the
>
>> 1-800 number dialed from the user.
>
> Hello,
>
>
>
> Just out of interest (sorry to be slow), but what kind of abuse could
>
> you be open to? Surely the connection at your end is authenticated some
>
> how before any communication starts?
>
>
>
> I only ask as I am thinking of implementing something similar (albeit
>
> with a low cost, rather than 0800 number).
>
>
>
> Personally - I would think that having a good, secure system would work
>
> better than attempting to hide your number - although I may have missed
>
> something - it's getting late. Security through obscurity has a habit
>
> of backfiring - just look at the mess Microsoft are in...
>
>
>
> ~ Matt
>
It is authenticated at the other end. But at least I can make it a little
>
bit harder for anyone. I figure that I might as well do all I can...
And then by the time the user gets their next phone bill, they see the
number listed right there in the itemization of the calls they've made.
They can then share that number around just as easily as if they'd had to
dig through the pppd logs.
And of course at the same time you will have managed to make at least some
of your users feel uneasy about the fact that you're dialling a 'secret'
number, precisely because of those scams that are out there that will
'helpfully' dial a _900_-number for you.
I'm going to suggest that this is a bit of 'security' that you would do
well without, because a) it won't actually stop those who want to abuse
your number, and b) it may actually cause negative feedback and resentment
from security-conscious users.
Best wishes,
// Christian Brunschen
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.