RPC is obsolete? Pray tell what the replacement is for negotiating a port between servers and clients.
Using fixed port numbers? Sweet for services that have low port numbers assigned, and only need to run one instance per IP. However, fixed high port numbers is one of the leading causes of network issues, simply because there's no facilities in the operating systems for pre-allocating a port, so it might be allocated randomly before the application who wants it starts. Most people don't even know that this is what's happening, and assumes it's an OS or software bug that forced them to restart or retry.
Yes, it's a bug -- the bug is to rely on pre-set high port numbers for listening services. It should NEVER be done, unless you can also GUARANTEE that the port is available beforehand.
That's where RPC comes in handy, and solves the over-allocation problems, by negotiating a port with the client.
There's nothing wrong with RPC in itself -- it's a SMART feature, that should be used more than it is. However, the *implementations* of RPC are far from perfect.




[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/193/23379#23379