On Wed, Mar 15, 2006 at 01:10:47PM +0000, Owen Synge wrote:
> On Wed, 15 Mar 2006 10:15:07 +0000
> brian davies <[log in to unmask]> wrote:
>
> > graeme. i think lancaster needs a test since we have had problems with
> > fts and never had your script work. it maybe a problem because i have
> > been using my atlas area ( which could be a vo specific problem which
> > would be bad) but most likely a problem with our setup.
> > regards
> > brian
>
> My concerns are based upon the fact that as far as I know all
> communication between admin and pool node is unauthenticated and dynamic
> in ports used, It uses the rather old RPC model for example NFS. The most
> dangerous feature is the host/uid based authentication.
Actually for pnfs it is much worst since the exported filesystems have
a predictable file handle (it's even in the dcache manual) so if you
do not have a firewall everyone can access it :(
Cheers,
Kostas
|