Re: [cobalt-users] telnet access to users?
- Subject: Re: [cobalt-users] telnet access to users?
- From: "Steven Werby" <steven@xxxxxxxxxxxx>
- Date: Thu Jan 20 12:17:11 2000
Kris Dahl <kris@xxxxxxxxxxxxx> wrote:
> This is my whole point really. I'm not worried about the casual user. I'm
> worried about the hard core guy that is going to get in one way or another.
> Any of these 'precautions' seem silly to me, because they WILL find a way to
> get into your system if they really want.
> There is nothing wrong with people being able to 'snoop' around a server.
I agree that the casual user is not usually a concern, but envision that you
do hosting and design and you have five clients who are architecture firms
and you have their virtual sites on the same server and further assume that
they are competing for the same business. You may not want client A to know
that client B is your client even though you have a confidentiality agreement
with all clients. And even if that's not a concern, you may not want client
A snooping around client B's files b/c they can likely learn something
useful that client B would not want them to know just by observing their
file names, sizes and dates. Chances are good they could find out something
about client B's contracts, proposals, employees, etc. "ls" doesn't care
that the .htaccess file has the directory password protected. Limiting "ls"
to their own files may help, but what about "locate" and "find"? This might
be a fun command for a client to try to get all your user accounts and spam
them:
    ls /home/sites/*/users > email_addresses
I guarantee this is how spammers
found my email address a couple of years ago when I had a site hosted on
another company's server.
I'm not trying to take sides. I'm simply challenging those of you reading
this post to envision what may be a problem for you now or in the future.
Make sure your TOS CYA in case something happens that a client doesn't like.
And, yes it would be wise not to have five architecture firm clients on the
same server. But, it happens.
> Personally, I have been getting really turned off of the whole leased/shared
> server bit. It's getting SO inexpensive to own and operate your own server
> that it really starts to make sense. If it's a small-medium site, you can
> host it on a standard DSL line for less than $100 / mo. I can co-locate on
> a 10MB network for less than $200 / mo (for like 5 gigs xfer). It just
> doesn't make sense to share servers anymore (IMHO). I'm kinda excited about
> the Crusoe chips--think instead of having a virtual host, you have a real
> web server that is no larger than a 3.5" hard drive. Cheap too.
I agree 100% that if a business wants to conduct business on the net (as
opposed to serve static info. pages), having a server that is not shared is
very economical. But for Joe User with a personal homepage or a small fun
project site that's not really necessary.
Steven {steven@xxxxxxxxxxxx}
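
A defender-side check for the exposure described in the message above, as an added example that is not part of the original post: it walks a shared-hosting tree laid out like the /home/sites/*/users path quoted there and reports directories that any other local account can list or traverse. The function names, the output format and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit site and user directories for "other" permission bits.
# Layout assumed: <root>/<site>/users/<user>, as in the path quoted in the post.

audit_site_dirs() {
    root=$1
    # Depth 1 = site dir, depth 2 = users/ (and siblings), depth 3 = user homes.
    find "$root" -mindepth 1 -maxdepth 3 -type d \
        \( -perm -004 -o -perm -001 \) -print | sort |
    while IFS= read -r dir; do
        # o+r: any local account can run ls here, so file names leak.
        # o+x only: names are hidden, but known paths inside stay reachable.
        if [ -n "$(find "$dir" -maxdepth 0 -perm -004)" ]; then
            echo "LISTABLE $dir"
        else
            echo "TRAVERSABLE $dir"
        fi
    done
}

# Constructed sample tree (not from the post): siteA is closed to "other",
# siteB is listable, and bob's home is traversable but not listable.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/siteA/users/alice" "$t/siteB/users/bob"
    chmod 750 "$t/siteA" "$t/siteA/users" "$t/siteA/users/alice"
    chmod 755 "$t/siteB" "$t/siteB/users"
    chmod 711 "$t/siteB/users/bob"
    echo "$t"
}

tree=$(make_sample_tree)
audit_site_dirs "$tree"
rm -rf "$tree"
```

On a real host the function would be pointed at the sites root and run as root, so that find can descend into directories that are already closed to other users.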