Behavioral Differences
Secure daemons exhibit slight differences in behavior from their non-secure counterparts. This section summarizes those differences.
Automatic Start and Stop
rvd can start either automatically or by explicit command. In contrast, administrators must start rvsd by explicit command.
rvd can stop automatically after an interval in which it has no clients (see rvd, and -no-permanent). In contrast, rvsd does not stop automatically.
Subject Gating
Secure daemons are silent when subject gating parameters preclude send or listen operations:
| • | Subjects authorized for sending can flow from client transports out to local networks. |
A client transport that sends a message with an unauthorized subject does not receive any error indication; instead, the secure daemon silently discards the message.
| • | Subjects authorized for listening can flow to client transports from local networks. |
A client transport that creates a listener with an unauthorized subject does not receive any error indication—but the resulting listener object never receives any messages.
Default Network and Service
Secure daemons and non-secure daemons behave differently when a client transport specifies a default value (that is, null) for its network or service parameter. Non-secure daemons use external defaults; see Specifying the UDP Service and Constructing the Network Parameter. In contrast, secure daemons use internal defaults—which you can configure using the browser administration interface; see Default Network and Service.
Browser Connections
Secure daemons automatically open both HTTP and HTTPS ports for browser administration interface connections—unless you specify otherwise. When an HTTPS connection is available, the daemon uses it; that is, whenever possible, it transfers non-secure HTTP communication over to its secure HTTPS connection.
You can block the secure HTTPS connection by specifying -http-only, which leaves only the non-secure HTTP connection.
You can block all browser administration interface connections by specifying -no-http.