Re: Connection to Webmin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mo, den 13.12.2004 schrieb James Wilkinson um 18:41:

> antonio montagnani mentioned:
> > http://localhost:10000/ works
> 
> Alexander Dalloz wrote:
> > What is you problem with it? I would even say, running webmin over plain
> > http and not http/ssl secured is plain stupid.
> 
> In this particular example, it's merely bad practice. It's safe enough
> in that example because the data never leaves the machine (it will go
> over the loopback interface).  And if the computer is properly
> firewalled, no-one can get at port 10000 from outside. And the standard
> Fedora firewall will do this.

[ ... ]

> No, the reason I think it bad practice is simply because you may forget
> and think it safe when you do administer over a not-fully-trusted
> network.
> 
> James.

James,

of course your more detailed discussion is fully correct. I just took
the URL Antonio posted as illustrations. How many webmin users remotely
administer their host over a non secured HTTP connection? means, they
login as root this way. I fear there are a lot! Unfortunately.

From my point of view it would be best if webmin would require the HTTPS
connection under any circumstance. The only problem when installing from
sources is, that it requires a Perl module to activate SSL.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 18:46:08 up 3 days, 13:26, load average: 0.63, 0.54, 0.58 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux