Richard, Lets say one of my users is targetted by a hacker and they manage to install a malware process on their system that will capture all the data flowing between the 2 processes. Then they do not need to be sitting in the victim's chair. But if the data was encrypted, this wouldn't matter.
On Mon, Feb 1, 2021 at 4:02 PM Richard Gaskin via use-livecode < use-livecode@lists.runrev.com> wrote: > Tom Glod wrote: > > > On Fri, Jan 29, 2021 at 1:09 AM Richard Gaskin wrote: > >> The main benefit of encrypted sockets is to mitigate man-in-the- > >> middle attacks. > >> > >> If you have a man in the middle of processes on a local computer that > >> isn't you, it would seem you have bigger concerns. ;) > ... > > Hi Richard...the man in the middle attack is exactly the thing I was > > thinking of. > > > It seems I didn't write clearly. > > With localHost the man in the middle is you, or someone else with > physical access to your computer (which is more or less the same thing). > > Given the old adage that physical access = root, I'm unable to think of > a scenario in which encrypting localhost sockets is beneficial. Am I > overlooking something? I'm no CISSP, so I may well be. > > -- > Richard Gaskin > Fourth World Systems > Software Design and Development for the Desktop, Mobile, and the Web > ____________________________________________________________________ > ambassa...@fourthworld.com http://www.FourthWorld.com > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- Tom Glod Founder & Developer MakeShyft R.D.A (www.makeshyft.com) Mobile:647.562.9411 _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
