Re: [cobalt-developers] Webmin
- Subject: Re: [cobalt-developers] Webmin
- From: Ted Behling <TBehling@xxxxxxxxxxxxx>
- Date: Wed Aug 15 07:01:30 2001
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
At 01:58 PM 8/15/01 -0700, Chaim Krause wrote:
>I have a question though. It sounds like you feel the Webmin is insecure.
>How is it any more insecure than the stock Cobalt GUI?

I should say upfront that I have not worked with Webmin before, but I
understand the model under which it operates. I don't know it to be
insecure, but I also don't know of any third-party security audits it's
undergone. Same goes for the Cobalt GUI. Maybe I see the world "through
dark-green glasses" thanks to having seen too much bad code...

After I sent my last e-mail listing my recommendations, I went to their Web
site and happened to find the same suggestions outlined there. It's just
standard practice to lock down remote-control apps as much as possible,
especially in a hostile Web server environment.

As a further measure of security, you can lock down Webmin access even
further by binding it to only the localhost adapter. When you want to use
it, open an SSH connection to the server (you use SSH with both password
and public-key authentication, right?) and open a tunnel to the server. If
you need me to explain tunnelling, just ask.

--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.
43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------
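The localhost-binding and SSH-tunnel setup described in the message above, as an added example that is not part of the original post: it checks whether a Webmin-style config restricts the listener to loopback and builds the matching `ssh -L` command. It assumes Webmin's `miniserv.conf` key=value format with `bind` and `port` keys and a default port of 10000; the sample configs are constructed and `admin@server.example.com` is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes miniserv.conf-style
# key=value lines with "bind" and "port" keys; host names are placeholders.

# Print the value of KEY from a key=value config file (last occurrence wins).
conf_get() {
    # $1 = file, $2 = key
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Classify the listener described by the config file.
# Prints "loopback:<port>" or "exposed:<addr>:<port>".
webmin_exposure() {
    port=$(conf_get "$1" port)
    bind=$(conf_get "$1" bind)
    port=${port:-10000}                 # assumed default port when unset
    case "$bind" in
        127.*|::1|localhost) echo "loopback:$port" ;;
        "")                  echo "exposed:any:$port" ;;  # no bind = all interfaces
        *)                   echo "exposed:$bind:$port" ;;
    esac
}

# Build the SSH local-forward command for reaching a loopback-only listener.
# -N opens the tunnel without running a remote command.
tunnel_cmd() {
    # $1 = user@host, $2 = remote port, $3 = local port (optional)
    echo "ssh -N -L 127.0.0.1:${3:-$2}:127.0.0.1:$2 $1"
}

# Constructed sample configs: before and after restricting the bind address.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'port=10000\nssl=1\n' > "$tmp/before.conf"
    printf 'port=10000\nbind=127.0.0.1\nssl=1\n' > "$tmp/after.conf"
    for f in before after; do
        echo "$f: $(webmin_exposure "$tmp/$f.conf")"
    done
    tunnel_cmd admin@server.example.com 10000
    rm -rf "$tmp"
}
demo
```

With the tunnel open, the admin interface is reached from the workstation at port 10000 on localhost, and nothing listens on the server's public interfaces.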