[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Any risks with another application using Tor's SOCKS 5 interface?



I asked this before but didn't get a response:

Is there any risk with another local application using Tor's SOCKS 5
interface?  I heard a vague comment that it wasn't recommended, but I
haven't heard exactly what the risks are, if any.

This is for CGIProxy, which can use SOCKS 5 to provide a clientless
front-end to the Tor network (clientless in the sense that it doesn't
require an installation on the browsing machine).  This could significantly
increase the potential user base of Tor, since many users can't or don't
want to install anything on their browsing machine.

SOCKS 5 is insecure if the client and server are on different hosts and
GSSAPI isn't used, but are there any problems if they're on the same host?

If there are no risks to doing this, then perhaps it should not be
discouraged?

Thanks a lot!  Links to previous discussions welcome.  I'm curious about
even small potential risks, including any in using CGIProxy.  If I don't
hear any response this time, I'll assume it's safe to use Tor like this.

Cheers,
James
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk