True, webmin does use the loopback interface. However, every read or
change must be transmitted two and from the client machine, including
the username and password used to access it. Anybody on the inside of
the network could easily sniff all of the information they need.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
James Wilkinson wrote:
In this particular example, it's merely bad practice. It's safe enough
in that example because the data never leaves the machine (it will go
over the loopback interface). And if the computer is properly
firewalled, no-one can get at port 10000 from outside. And the standard
Fedora firewall will do this.