1 |
On Sunday 24 Jan 2016 11:40:04 Rich Freeman wrote: |
2 |
> On Sun, Jan 24, 2016 at 10:56 AM, Grant <emailgrant@×××××.com> wrote: |
3 |
> > So the user is safe if I send all internet requests from her remote |
4 |
> > laptop through the Zerotier connection (instead of only sending |
5 |
> > requests to my server through Zerotier)? |
6 |
> |
7 |
> It depends on what you mean by "safe." If you mean that there is no |
8 |
> possibility of malware stealing or messing with your data this is the |
9 |
> case if: |
10 |
> |
11 |
> As long as: |
12 |
> 1. You ensure that no malware enters through zerotier. |
13 |
> 2. No malware is present before you set up zerotier. |
14 |
> 3. No network connections are ever used other than zerotier. |
15 |
> |
16 |
> If you mean safe to mean that nothing bad happens to the user's system |
17 |
> that wouldn't have happened if they use their own internet connect, |
18 |
> there is no real harm in using yours, assuming you don't leak your own |
19 |
> malware onto their system. |
20 |
|
21 |
As Rich alludes to if through Zerotier the user can only connect to your |
22 |
webserver and no connections of the user are forwarded (through your Zerotier- |
23 |
LAN, or your webserver) to the Internet, the XSS kind of threats will be |
24 |
contained. |
25 |
|
26 |
However, as I understand it the Zerotier provides a split tunnel arrangement. |
27 |
The user will be able to use their browser to connect through Zerotier to your |
28 |
LAN, while through another window on the same browser they will be able to |
29 |
connect to the Internet using their own network. |
30 |
|
31 |
-- |
32 |
Regards, |
33 |
Mick |