| 1 |
On Sunday 24 Jan 2016 11:40:04 Rich Freeman wrote: |
| 2 |
> On Sun, Jan 24, 2016 at 10:56 AM, Grant <emailgrant@×××××.com> wrote: |
| 3 |
> > So the user is safe if I send all internet requests from her remote |
| 4 |
> > laptop through the Zerotier connection (instead of only sending |
| 5 |
> > requests to my server through Zerotier)? |
| 6 |
> |
| 7 |
> It depends on what you mean by "safe." If you mean that there is no |
| 8 |
> possibility of malware stealing or messing with your data this is the |
| 9 |
> case if: |
| 10 |
> |
| 11 |
> As long as: |
| 12 |
> 1. You ensure that no malware enters through zerotier. |
| 13 |
> 2. No malware is present before you set up zerotier. |
| 14 |
> 3. No network connections are ever used other than zerotier. |
| 15 |
> |
| 16 |
> If you mean safe to mean that nothing bad happens to the user's system |
| 17 |
> that wouldn't have happened if they use their own internet connect, |
| 18 |
> there is no real harm in using yours, assuming you don't leak your own |
| 19 |
> malware onto their system. |
| 20 |
|
| 21 |
As Rich alludes to if through Zerotier the user can only connect to your |
| 22 |
webserver and no connections of the user are forwarded (through your Zerotier- |
| 23 |
LAN, or your webserver) to the Internet, the XSS kind of threats will be |
| 24 |
contained. |
| 25 |
|
| 26 |
However, as I understand it the Zerotier provides a split tunnel arrangement. |
| 27 |
The user will be able to use their browser to connect through Zerotier to your |
| 28 |
LAN, while through another window on the same browser they will be able to |
| 29 |
connect to the Internet using their own network. |
| 30 |
|
| 31 |
-- |
| 32 |
Regards, |
| 33 |
Mick |
Archives