
Re: [cobalt-users] FileMan 2.0 Available as a package!



Hi,

> I installed the package on one of our test-RAQ's, and it looks great!
> It's easy to use and I really like the option to create a password
> protected dir, and editing the file permissions. 
> 
> I will test it more today to see if I can find any bugs ;).  I'm only
> looking at security now. Is this more insecure than FTP ? (yes, FTP is
> also insecure). 

Probably just as secure as ftp. It uses basic authentication which will
send the username/pass over clear text much like mail or ftp does. 

> Maybe it's an idea to create a SSL for the main site,
> and redirect users to:
> 
> http://your.cobalt.raq/fileman/fileman.cgi
> 
> It could be an option :]

Definitely, if you wrapped it in https://, you would eliminate the
sending of password over clear text. To make this change, edit
/home/gossamer/fileman/lib/fileman.pl. The fileman.cgi is a setuid
wrapper that just changes user and runs fileman.pl.

I'd be interested to hear anything else you find.

Cheers,

Alex

-- 
Alex Krohn <alex@xxxxxxxxxxxxxxxxxxxx>
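
Added example, not part of the original message and not FileMan code: a small check showing why Basic authentication over plain http:// exposes the login, since the Authorization header is only base64-encoded. The sample request, the username and password in it, and the function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: a request as it would appear on the wire over plain
# http://. The username and password are made up for this example.
SAMPLE_REQUEST = (
    "GET /fileman/fileman.cgi HTTP/1.0\r\n"
    "Host: your.cobalt.raq\r\n"
    "Authorization: Basic " + base64.b64encode(b"testuser:s3cret").decode() + "\r\n"
    "\r\n"
)

def basic_credentials(raw_request):
    """Return (username, password) carried in a Basic Authorization header,
    or None if the request has no well-formed Basic credentials."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            # base64 is an encoding, not encryption: no key is needed here
            decoded = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            return None                          # malformed token
        user, colon, password = decoded.decode("utf-8", "replace").partition(":")
        return (user, password) if colon else None
    return None

def exposure_report(raw_request, over_tls):
    """Describe what a passive observer of this connection learns."""
    creds = basic_credentials(raw_request)
    if creds is None:
        return "no Basic credentials in request"
    if over_tls:
        return "credentials sent, but inside the TLS channel"
    user, password = creds
    return "cleartext exposure: user=%s password=%s" % (user, "*" * len(password))

if __name__ == "__main__":
    print(exposure_report(SAMPLE_REQUEST, over_tls=False))
    print(exposure_report(SAMPLE_REQUEST, over_tls=True))
```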