[tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
James Marshall
james at jmarshall.com
Wed Dec 4 18:57:36 UTC 2013
I asked this before but didn't get a response:
Is there any risk with another local application using Tor's SOCKS 5
interface? I heard a vague comment that it wasn't recommended, but I
haven't heard exactly what the risks are, if any.
This is for CGIProxy, which can use SOCKS 5 to provide a clientless
front-end to the Tor network (clientless in the sense that it doesn't
require an installation on the browsing machine). This could significantly
increase the potential user base of Tor, since many users can't or don't
want to install anything on their browsing machine.
SOCKS 5 is insecure if the client and server are on different hosts and
GSSAPI isn't used, but are there any problems if they're on the same host?
If there are no risks to doing this, then perhaps it should not be
discouraged?
Thanks a lot! Links to previous discussions welcome. I'm curious about
even small potential risks, including any in using CGIProxy. If I don't
hear any response this time, I'll assume it's safe to use Tor like this.
Cheers,
James
More information about the tor-talk
mailing list