
Re: [cobalt-users] Severe Security Problem Between Sites



On Tuesday - 03/28/2000 (07:35 AM) - Michael Hoennig wrote...

1. Everybody has Telnet access to ALL sites!

That's precisely why I don't give virtual sites Telnet access. Security stinks on the RaQ3. This isn't an OpenSource Linux problem, this is a Cobalt problem with not addressing this security issue. No user should be able to freely move about the whole server and be able to read another's directory or files.

2. Everybody has access to all sites via PHP!

That's an interesting heads up! Which version are you using, PHP3 or PHP4 (beta)?


4. MySQL root password is not set

MySQL docs used to say you're supposed to set the mysqladmin password after you've finished installing it. Older MySQL docs included this in the instructions. Without reading the verbose docs for the latest release I couldn't say for sure if MySQL included the same instructions.

How do you all deal with these problems? Or is all that no problem in
your way of using the Cobalt?

Considering Cobalt freely waves that "you'll void your warranty" warning flag over everyone's heads while not addressing the issues, and now is charging for support, I would suppose that's the reason why people had learned to work around the problems which exist on the RaQs.

Something to ponder regarding Cobalt's lack of immediate response times for addressing current security issues in their software -- could it be that Cobalt is busying themselves too much with buying up other companies while not concentrating their efforts on supporting their current product's software bugs? It makes anyone wonder where this company is heading and what their long term goals are. After looking at their recent stock's performance it's a wonder where this company will be in six to ten months. http://finance.yahoo.com/q?s=COBT&d=3mm
Nose dive?

Liz