[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] root login on RaQ3

Subject: Re: [cobalt-users] root login on RaQ3
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Mon Mar 13 23:12:15 2000

At 01:50 PM 3/11/00 -0500, you wrote:

> >MAJOR security risk to allow direct root logins.

don't overlook the 'i did it because i could' factor, allowing root logins
means you probably would login as root ... just because it's easy...

The security hole is NOT in that you can login as root or not. It's thatother people can log in as root....

You see, "root" is a known user name with login privileges, on everyunix/linux box.


So dictionary attacks only have to guess passwords.

For other users, they have to guess the username as well as the password.

Jeff

--
Jeff Lasman <jblists@xxxxxxxxxxxxx>

Follow-Ups:
- Re: [cobalt-users] root login on RaQ3
  - From: Jens Kristian Søgaard

References:
- [cobalt-users] root login on RaQ3
  - From: root

Prev by Date: Re: [cobalt-users] Personal Nameservers
Next by Date: Re: [cobalt-users] (RaQ3) Pointers and Python
Previous by thread: [cobalt-users] root login on RaQ3
Next by thread: Re: [cobalt-users] root login on RaQ3

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index