The default sockpol.exe delivered with Unity poses security risks that we only noticed after a while. We were equally surprised and shocked to realize that this software is dangerous. Some examples that led to this conclusion:
- Serious security flaw: because of the fixed port 843, which is an official system port (all ports below 1024 are reserved system ports), sockpol.exe needs to be executed as an admin under Linux. That means that if someone gains malicious access to the sockpol process, the attacker can do literally whatever they want to your server, including erasing all data.
- Performance impact: any connection to sockpol.exe remains open until the server receives a response from the client. Each connection also consumes a lot of power: we were able to observe an open connection consuming up to 50% of the CPU.
- No overview: sockpol.exe does not write any log files.
- In addition, there are no simple tests available for the socket policy server.
- In order to start sockpol.exe using Mac or Linux, Mono must be installed. In our case, we had to install the whole thing on our server - for a really tiny file.
Due to these problems, we have made the decision to create RSockpol.
- Secure socket policy server alternative for Unity
- Port, time-out and queue size for incoming connections are freely configurable
- Fully customizable logging
- Much faster response time (20-50% performance gain)
- Configurable test application
- Runs on Windows, Mac and Linux
- Detailed tests, documentation & support
- Full C# and Java Source Code
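
The following sketch is an added illustration, not RSockpol's source code. It shows how a policy server can avoid the problems listed above: an unprivileged port, an overall per-connection deadline, a bounded accept queue and a log line per connection. The `<policy-file-request/>` framing, the sample policy and the names `handle` and `serve` are assumptions that do not appear on this page.

```python
import socket
import threading
import time

# Null-terminated request sent by the client (assumed framing, not from the page).
POLICY_REQUEST = b"<policy-file-request/>\x00"
# Constructed sample policy; the domain and port range are placeholders.
POLICY = (b'<?xml version="1.0"?><cross-domain-policy>'
          b'<allow-access-from domain="game.example.com" to-ports="4000-4100"/>'
          b'</cross-domain-policy>\x00')

def handle(conn, timeout):
    """Serve one client within `timeout` seconds in total; always closes conn."""
    deadline = time.monotonic() + timeout
    buf = b""
    try:
        while len(buf) < len(POLICY_REQUEST):
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return "timeout"
            conn.settimeout(remaining)  # also bounds clients that drip bytes slowly
            chunk = conn.recv(len(POLICY_REQUEST) - len(buf))
            if not chunk:               # peer closed before sending a full request
                return "bad-request"
            buf += chunk
        if buf != POLICY_REQUEST:
            return "bad-request"
        conn.sendall(POLICY)
        return "served"
    except socket.timeout:
        return "timeout"
    except OSError:                     # reset or broken connection
        return "error"
    finally:
        conn.close()

def serve(host="127.0.0.1", port=8430, timeout=2.0, backlog=16, log=print):
    """Accept loop on an unprivileged port (>= 1024), so no admin rights are needed."""
    def worker(conn, addr):
        log(f"{addr[0]}:{addr[1]} {handle(conn, timeout)}")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(backlog)             # queue size for pending connections
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=worker, args=(conn, addr), daemon=True).start()

if __name__ == "__main__":
    serve()
```

A client that connects and never sends anything is dropped after `timeout` seconds instead of holding the connection open indefinitely, and the outcome is logged.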