Setting up Stockfish on a server
Moderators: hgm, Rebel, chrisw
-
Jon12345
- Posts: 80
- Joined: Tue May 11, 2010 6:18 pm
Re: Setting up Stockfish on a server
Not sure how an untrusted FEN could do anything. Doesn't it just get processed for an evaluation?
Jon
-
hgm
- Posts: 27811
- Joined: Fri Mar 10, 2006 10:06 am
- Location: Amsterdam
- Full name: H G Muller
Re: Setting up Stockfish on a server
You could send it garbage input designed to make the engine crash, and do specific unwanted things. (Such as sending your bank statements to someone else.) This is a favorite hacker method: send a program some input that it is not designed to handle but will naively except (e.g. a very long message, which overruns the reserved input buffer, and then writes stuff in memory locations where it controls later behavior of the program).
When using connect.exe as a server you are supposed to be protected against that by getting no access to Stockfish unless you give the correct password. But as it doesn't use a https connection, I suppose it would in theory be possible for people to eavesdrop on your password.
When using connect.exe as a server you are supposed to be protected against that by getting no access to Stockfish unless you give the correct password. But as it doesn't use a https connection, I suppose it would in theory be possible for people to eavesdrop on your password.