Re: PPP Control (One More Question)
Re: PPP Control (One More Question)
- Subject: Re: PPP Control (One More Question)
- From: Joshua Orr <email@hidden>
- Date: Tue, 10 Jun 2003 11:03:48 -0600
>
On Mon, 9 Jun 2003, Joshua Orr wrote:
>
>
[ alas I don't seem to have the complete attribution history. Check the
>
list archives if you really need to. ]
>
>
>>>>> I am using it to dial a number that9s I want to keep hidden. I have
>
>>>>> succeeded in getting it to dial and not leave any record of it
>
>>>>> except in the
>
>>>>> Connection Log in the Internet Connect application.
>
>>>>> Is there any way to tell the PPP daemon to not log down a particular
>
>>>>> dial,
>
>>>>> or is there any way I could get rid of the log entries using my
>
>>>>> Cocoa app?
>
>>>>
>
>>>> It's a bad idea to do this.
>
>>>>
>
>>>> Why would you want to hide the fact that your app is using the
>
>>>> telephone line from the user? The telephone line is a resource which
>
>>>> costs the user $$$ ... so, you hiding the fact from her, is a bad
>
>>>> thing.
>
>>>>
>
>>>> I can think of only one reason you would want to do this: nefarious
>
>>>> XXX dial-back software $$$-making scam scheme.
>
>>>>
>
>>>> That's not the sort of software project I'd like to help, and I hope
>
>>>> nobody else wants to help write that sort of software, either ...
>
>>>
>
>>>
>
>>> You obviously can't think very well, can you? Please don't assume
>
>>> something
>
>>> like this, especially when there is a good reason.
>
>>>
>
>>> If you really want to know, the reason is that I have a 1-800 number
>
>>> dial up
>
>>> point for people to easily signup for an ISP service. I would rather
>
>>> keep
>
>>> this 1-800 number a secret to help avoid abuse.
>
>>>
>
>>> The user knows that the modem is dialing, I would just like to keep the
>
>>> 1-800 number dialed from the user.
>
>
>> Hello,
>
>>
>
>> Just out of interest (sorry to be slow), but what kind of abuse could
>
>> you be open to? Surely the connection at your end is authenticated some
>
>> how before any communication starts?
>
>>
>
>> I only ask as I am thinking of implementing something similar (albeit
>
>> with a low cost, rather than 0800 number).
>
>>
>
>> Personally - I would think that having a good, secure system would work
>
>> better than attempting to hide your number - although I may have missed
>
>> something - it's getting late. Security through obscurity has a habit
>
>> of backfiring - just look at the mess Microsoft are in...
>
>>
>
>> ~ Matt
>
>
> It is authenticated at the other end. But at least I can make it a little
>
> bit harder for anyone. I figure that I might as well do all I can...
>
>
And then by the time the user gets their next phone bill, they see the
>
number listed right there in the itemization of the calls they've made.
>
They can then share that number around just as easily as if they'd had to
>
dig through the pppd logs.
>
>
And of course at the same time you will have managed to make at least some
>
of your users feel uneasy about the fact that you're dialling a 'secret'
>
number, precisely because of those scams that are out there that will
>
'helpfully' dial a _900_-number for you.
>
>
I'm going to suggest that this is a bit of 'security' that you would do
>
well without, because a) it won't actually stop those who want to abuse
>
your number, and b) it may actually cause negative feedback and resentment
>
from security-conscious users.
>
>
Best wishes,
>
>
// Christian Brunschen
>
Well, you have convinced me. One last question. I want to make sure they
can't pull out the PPP user name and password for the 800 numbe dial out of
the binary code. I was thinking about making it incorrect in the binary, and
applying some sort of transformation to it at run time to get the correct
strings.
Any suggestions?
Thanks!
-Joshua D. Orr-
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.