According to Dale Babiy: > > On Wed, 12 Apr 1995, der Mouse wrote: > > > > Is there a "better" NIS [...] > > > > I'd be interested in hearing about any such. I'm almost ready to try > > my hand at writing one myself, but so far the perceived need has not > > yet been sufficient to make me allocate the time. > > We're running NeXTStep here, do you, or anyone else for that matter, know > of any security holes concerning the NetInfo NIS(type) system that deals > with our local information sharing? > > So far we've been lucky, I'd like to stop being lucky and start being > resonably intelligent. > I don't know of any gaping, obvious holes in NetInfo, although I have yet to really sit down and try to find any (which is on my list of things to get to, some day). You should enable the "Limit information to local network" option (see the on-line sys-admin docs for information on just how to do this (I don't remember off the top of my head :-)). Also, because NetInfo is rpc based, you would be well advised to protect your network with a filtering bridge or router. As is typical for rpc based services, NetInfo doesn't use any fixed port, so I very muchs suggest a filtering strategy of blocking everything except that which is expressly permitted. And while I'm at it, I believe NeXT's portmap suffers from the bug that it will allow complete NFS access for any packets claiming to be from the loopback address (once again, this is something I need to test and verify). benji -- Benjamin R. Cline Large Furry Mammal benji@haven.boston.ma.us Never set sail with two opinions, always take one or three. Government should be like bamboo: strong, light, flexible