[Webkit-unassigned] [Bug 14538] Network port blocking breaks internet banking on major Estonian bank
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun May 22 02:08:54 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=14538
Terje Bless <link at pobox.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |link at pobox.com
--- Comment #9 from Terje Bless <link at pobox.com> 2011-05-22 02:08:54 PST ---
(In reply to comment #6)
> AFAIK, the only substanative change to the port blocking mechanism that shipped in Safari 5 was the addition of ports 6665-6669 to the blacklist. Does the bank use one of these...?
*sigh* I just ran into this while setting up ZNC, an IRC proxy/bouncer. It is desireable to set it up to listen on port TCP/6667—the common port for IRC serveres—so that IRC clients can mostly use the default provided port number; but ZNC also provides a web-based administration interface on the same port (i.e. https://znchost.example.com:6667/). And, as you note, Safari 5 now cannot connect to this port.
You cannot in general prevent arbitrary port numbers. Even the ports registered with IANA for a protocol are only the “well-known” port numbers; there is no general requirement that a service listen only on those ports. There are also about a million different use cases for running services on arbitrary ports; the above being a case in point, a per-user service (which means either the IP or port has to be unique) where the well-known port is not available (normal users cannot bind() to ports TCP/80,443).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list