Article Preview
FEATURE
Networking 401
Issue: 4.3 (January/February 2006)
Author: Aaron Ballman
Author Bio: Aaron is currently employed by REAL Software and does anything you ask him to do (so long as you ask nicely). He likes to fish, bowl, and in his spare time he recently started learning about networking.
Article Length (in bytes): 19,273
Starting Page Number: 25
Article Number: 4311
Excerpt of article text...
In previous articles, we covered much of the background on the TCP and UDP protocols. We also discussed the APIs that you can use when dealing with these two protocols. In this article, we're going to delve into a lot more networking theory: everything from why things behave the way they do, to speeding up your networking code, and beyond!
Port security
You may have noticed by now that on some OSes, you cannot listen on a port less than 1024. This is a security feature that is present on some systems so that only the super-user can listen on well-known ports. The reasoning is that a malicious application should not be able to listen on port 80 and then do something nasty (either to the remote machine or the local machine). So which systems is this an issue on? OS X and Linux are security oriented; on those systems you need to have special permissions (called root permissions) to be able to bind to ports below 1024. Currently shipping versions of Windows (as well as Mac Classic) are not as security-minded, so they will let you listen on well-known ports without issue. This may not always be the case for future versions of Windows, so you shouldn't rely on that behavior. Basically, always assume that you have to do something special in order to listen on well-known ports.
So what should you do so that you can listen on these ports? There are obviously some very good reasons for you to want to write an application that listens on a standard port, such as wanting to write a web server. You could require the user to run your application with root permissions, but that is a hassle for the user, and it poses major security concerns. The recommended way is to have your application authenticate itself when it needs to gain permissions to bind to the well-known port. How this authentication works is platform dependent. For example, on OS X you can use the Security Framework to authorize your application. On Linux, you can use the setuid function to gain or drop privileges as needed.
More on security
...End of Excerpt. Please purchase the magazine to read the full article.