Re: [dvd-discuss] Hang the RIAA in their own noose.

[Tom <tom(at)lemuria.org>]

On Wed, Oct 17, 2001 at 02:37:43PM -0700, Richard Hartman wrote:
> Then you should configure your server to use a non-standard
> port.  There are thousands of numbers available, pick one 
> other than 80.  By using the standard port number, you are
> essentially stating "this is for general access".  By picking
> any other number, someone could certainly find it by port
> scanning but you'd have a better case against them for electronic
> trespass.

very unlikely. port numbers do not matter. I'm serious. you can include
port numbers in hyperlinks and the end user will never even notice that
he's accessing a "non standard" port.

what does matter is:

a) system policy and its enforcement
b) visible statements

system policy can be, for example, a password-protection. a visible
statement can be a simple one-liner or a multiple-page acceptable use
agreement.

as a matter of fact, that's what 99.9% of those who want to have
private or restricted access servers do. e.g. the IMAPS port on my
mailserver is open for the world to come in. but as soon as you request
something, it's going to ask you "username? password?". that's the
system policy. if you enter anything else but a valid combination,
it'll say "access denied". that's the visible statement.

if it doesn't say "authorisation required" or something like that, then
it's public, because the internet is a public place.


-- 
-- http://web.lemuria.org
--