[Chilli] uamdomain / uamallowed

Henk Kleynhans henk at skyrove.com
Wed Nov 10 14:18:25 UTC 2010


I fall into the "most would consider" camp here... For example, if I give
access to google.com, I expect there to be access to maps.google.com,
mail.google.com, translate.google.com etc without explicitly setting a
wildcard.

If I wanted to provide access to only a few subdomains, I would specify each
of them explicitly.

Henk



On Wed, Nov 10, 2010 at 12:05 PM, David Bird <david at coova.com> wrote:

> By "single domain" you then mean an implicit "*.domain" match? I suppose
> that is just nomenclature, but I think most would consider a "domain" a
> group of hostnames, not just one (even if that "hostname" is
> "coova.org"). Hmm.. maybe we do explicitly require *-wildcard matching,
> but automatically add the "*" prefix if the uamdomain starts with a
> '.' (for those who already use ".coova.org", for example, in their
> configurations).
>
> On Wed, 2010-11-10 at 09:46 +0100, Wichert Akkerman wrote:
> > On 11/10/10 06:51 , David Bird wrote:
> > > In an effort to make uamdomain a bit more flexible, a change is
> > > required. Right now, DNS queries ending in any uamdomain defined are
> > > added to the garden when resolved. This means it's always "*uamdomain"
> > > in the match. Instead, maybe the "*" should have to be explicit, as in
> > > "uamdomain=*.domain.com" so that you can also do single hostnames such
> > > as "uamdomain=singlehost.domain.com"?
> >
> > I had always expected uamdomain to specify a single domain, not a
> > wildcard. I feel pretty strongly wildcards should be explicitly
> > specified since they can be a security risk.
> >
> > > Or, uamdomain could be kept as-is (and via an option) hostnames in
> > > uamallowed can be "re-checked" against DNS to pick up any round-robin
> > > (or just new) IP addresses to add to garden? This way, the syntax for
> > > uamdomain does not need to change and hostnames used in uamallowed will
> > > update the walled garden when those hostnames are resolved by users (and
> > > not just resolved on start-up).
> >
> > Perhaps cache entries for a configurable amount of time?
> >
> > Wichert.
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli



-- 
Henk Kleynhans
CEO & Founder
Skyrove (Pty) Ltd
Technology Top 100 - Most Promising Emerging Enterprise
Tel: 0861 768 377
Cell: +27 (84) 3073451
Fax: +27 (86) 6204077
henk at skyrove.com
 blog: www.geekrebel.com

------

"A person with ubuntu is open and available to others, affirming of others,
does not feel threatened that others are able and good, for he or she has a
proper self-assurance that comes from knowing that he or she belongs in a
greater whole and is diminished when others are humiliated or diminished,
when others are tortured or oppressed." - Desmond Tutu
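
The two matching rules debated in this thread, side by side, as an added example that is not part of any message above and is not CoovaChilli's own code. The function names `implicit_match` and `explicit_match` are hypothetical, the host names are constructed, and the implicit rule is assumed to be a plain string suffix compare on names without a trailing dot.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Case-insensitive "name ends with suffix". */
static int ends_with(const char *name, const char *suffix) {
    size_t n = strlen(name), s = strlen(suffix);
    return s <= n && strcasecmp(name + n - s, suffix) == 0;
}

/* Behaviour described in the thread: always "*uamdomain".
 * Assumption: a plain string suffix compare with no label boundary. */
int implicit_match(const char *entry, const char *qname) {
    return ends_with(qname, entry);
}

/* Proposed behaviour: "*.domain" is a wildcard, ".domain" is treated as
 * "*.domain", anything else is a single hostname (exact match). */
int explicit_match(const char *entry, const char *qname) {
    if (entry[0] == '*') {
        if (entry[1] != '.') return 0;   /* this sketch accepts only "*.domain" */
        entry++;                         /* "*.example.org" -> ".example.org" */
    }
    if (entry[0] == '.')                 /* needs at least one label before the dot */
        return strlen(qname) > strlen(entry) && ends_with(qname, entry);
    return strcasecmp(entry, qname) == 0;
}

int main(void) {
    /* Constructed sample data, not taken from any real configuration. */
    const char *entries[] = { "example.org", ".example.org", "*.example.org",
                              "host.example.org" };
    const char *names[] = { "example.org", "maps.example.org",
                            "notexample.org", "host.example.org" };
    for (size_t e = 0; e < 4; e++)
        for (size_t q = 0; q < 4; q++)
            printf("uamdomain=%-18s query=%-18s implicit=%d explicit=%d\n",
                   entries[e], names[q],
                   implicit_match(entries[e], names[q]),
                   explicit_match(entries[e], names[q]));
    return 0;
}
```

Under the stated assumption, the implicit rule opens the walled garden to any name that merely ends in the configured string, while the explicit rule only widens the match at a label boundary and only when the entry asks for it.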