On Sunday 14 October 2007 01:27:58 you wrote:
> On Saturday 13 October 2007 21:27:01 Roger Dingledine wrote:
> > On Sat, Oct 13, 2007 at 10:50:16AM +0100, Robert Hogan wrote:
> > > While we're all still 'getting there', controllers could have the
> > > option of locking the control port if no auth mechanism is enabled, and
> > > even when it is. Given that users tend not to share installations and
> > > most run their controller concurrently with tor at all times this would
> > > be a useful fallback measure.
> >
> > Why not have your controller enable authentication when it connects and
> > doesn't like what it finds? If you want, you can then disable it when
> > you disconnect.
> >
> > This approach would seem to have all the same properties of your
> > lock/unlock without any new commands or code.
>
> Duh. Don't know where I was going with that one.

On second thoughts, it might be a useful default behaviour to lock the control port automatically whenever an unauthenticated connection is made. The active controller could then choose to unlock the port once connected.

I can't think of a use-case for more than one simultaneous connection to the control port, so even if implicit locking is a bit extreme it might be a good idea to notify current control port users when someone else creates a new control session, regardless of authentication. It would also be useful to learn of any other active control sessions when you first connect.

The problem with using a random password to 'lock' the control port is that the genuine user is locked out if their control session disconnects unexpectedly. Of course this shouldn't happen but ...
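The approach Roger suggests in the quoted text (the controller enables authentication when it connects and finds none, and may clear it on disconnect), sketched as an added example that is not part of the original thread or of Tor's or any controller's code. The function names and the PROTOCOLINFO replies are constructed for illustration; the sketch assumes the controller reads PROTOCOLINFO first and sets `HashedControlPassword` with SETCONF, and it must keep the secret to be able to reconnect, which is the lock-out concern raised in the last paragraph.

```python
import hashlib
import os
import re


def auth_methods(protocolinfo_reply):
    """Return the set of AUTH METHODS advertised in a PROTOCOLINFO reply."""
    m = re.search(r"^250-AUTH METHODS=([A-Z,]+)", protocolinfo_reply, re.M)
    if not m:
        raise ValueError("no AUTH line in PROTOCOLINFO reply")
    return set(m.group(1).split(","))


def hash_control_password(secret, salt=None):
    """Build a HashedControlPassword value: OpenPGP iterated+salted S2K, SHA-1."""
    salt = salt or os.urandom(8)
    indicator = 0x60  # S2K count byte; decodes to 65536 bytes hashed
    count = (16 + (indicator & 15)) << ((indicator >> 4) + 6)
    material = salt + secret.encode()
    reps, rem = divmod(count, len(material))
    digest = hashlib.sha1(material * reps + material[:rem]).hexdigest()
    return "16:" + (salt + bytes([indicator])).hex().upper() + digest.upper()


def lock_commands(protocolinfo_reply, secret):
    """Commands to send when the port turns out to be open (METHODS=NULL)."""
    if auth_methods(protocolinfo_reply) != {"NULL"}:
        return []  # some authentication is already required; change nothing
    return ["AUTHENTICATE",  # an empty AUTHENTICATE succeeds under NULL auth
            "SETCONF HashedControlPassword=" + hash_control_password(secret)]


def unlock_command():
    """Sent before disconnecting to put the option back to its default."""
    return "RESETCONF HashedControlPassword"


# Constructed sample replies (not captured from a real Tor instance).
OPEN_PORT = "\r\n".join(["250-PROTOCOLINFO 1", "250-AUTH METHODS=NULL",
                         '250-VERSION Tor="0.0.0-example"', "250 OK"])
PROTECTED = "\r\n".join(["250-PROTOCOLINFO 1",
                         '250-AUTH METHODS=COOKIE,HASHEDPASSWORD COOKIEFILE="/example/cookie"',
                         '250-VERSION Tor="0.0.0-example"', "250 OK"])

if __name__ == "__main__":
    secret = os.urandom(16).hex()  # the controller must retain this to reconnect
    for line in lock_commands(OPEN_PORT, secret) + [unlock_command()]:
        print(line)
```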