On Saturday 13 October 2007 21:27:01 Roger Dingledine wrote: > On Sat, Oct 13, 2007 at 10:50:16AM +0100, Robert Hogan wrote: > > While we're all still 'getting there', controllers could have the option > > of locking the control port if no auth mechanism is enabled, and even > > when it is. Given that users tend not to share installations and most run > > their controller concurrently with tor at all times this would be a > > useful fallback measure. > > Why not have your controller enable authentication when it connects and > doesn't like what it finds? If you want, you can then disable it when > you disconnect. > > This approach would seem to have all the same properties of your > lock/unlock without any new commands or code. > Duh. Don't know where I was going with that one.
Attachment:
signature.asc
Description: This is a digitally signed message part.