Alexander Dalloz wrote on 13/12/2004 18:51:
On Mon, 13.12.2004, James Wilkinson wrote at 18:41:
antonio montagnani mentioned:
http://localhost:10000/ works
Alexander Dalloz wrote:
What is your problem with it? I would even say, running webmin over plain http and not http/ssl secured is plain stupid.
In this particular example, it's merely bad practice. It's safe enough in that example because the data never leaves the machine (it will go over the loopback interface). And if the computer is properly firewalled, no-one can get at port 10000 from outside. And the standard Fedora firewall will do this.
[ ... ]
No, the reason I think it bad practice is simply because you may forget and think it safe when you do administer over a not-fully-trusted network.
James.
James,
Of course your more detailed discussion is fully correct. I just took the URL Antonio posted as an illustration. How many webmin users remotely administer their host over a non-secured HTTP connection? That means they log in as root this way. I fear there are a lot! Unfortunately.
From my point of view it would be best if webmin required the HTTPS connection under any circumstance. The only problem when installing from sources is that it requires a Perl module to activate SSL.
Alexander
Alexander&James,
tnx for your help.
Some comment from a standard user that switched his systems from Microsoft .... ;-), and he is trying to learn (learning curve is very steep, indeed)
a) My two systems are fully firewalled and only hard wired networks
b) I realized that I could have a SSL connection to Webmin yesterday night when suddenly one of my Webmin refused connection if not by https:...... and SSL option was enabled (not by me, because I didn't know of this option)
c) this happened suddenly after upgrade from FC2 to FC3 on one system
d) on the other system, FC3 from FC2, this afternoon I tried to enable SSL, but the module was not installed: I tried to follow the instructions as per the Webmin site, but module installation didn't succeed, I tried to install from CPAN
e) If I list Perl modules on Webmin on the SSL enabled machine I do not see any Perl module for SSL.
f) How could I have SSL enabled Webmin on one system??
Tnx for help
--
Antonio M.
===================================================================
Working with Mozilla Thunderbird 0.9 on Redhat Linux Fedora Core 3
www.montagnani.org
===================================================================
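
An added example, not part of the thread and not Webmin's own code: a shell check that tells the two machines in Antonio's message apart by reading the Webmin server configuration and testing whether the Perl SSL module loads. The config path `/etc/webmin/miniserv.conf`, its `port`, `ssl` and `bind` keys, and the module name `Net::SSLeay` are assumptions taken from general Webmin knowledge, not from the messages above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify how a Webmin listener is exposed.
# Assumptions (not from the thread): key=value config at
# /etc/webmin/miniserv.conf with keys port, ssl, bind; SSL module Net::SSLeay.

# conf_get FILE KEY -> prints the last value set for KEY, empty if unset
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# webmin_transport FILE -> https | http-loopback | http-all-interfaces
webmin_transport() {
    if [ "$(conf_get "$1" ssl)" = "1" ]; then
        echo https
        return 0
    fi
    case "$(conf_get "$1" bind)" in
        127.*|::1|localhost)
            echo http-loopback ;;        # cleartext never leaves the host
        *)
            echo http-all-interfaces ;;  # only the firewall protects the login
    esac
}

# Succeeds when the Perl module needed to activate SSL can be loaded
ssl_module_present() {
    perl -MNet::SSLeay -e 1 2>/dev/null
}

# Report on the local installation when a config file is readable
webmin_conf=${WEBMIN_CONF:-/etc/webmin/miniserv.conf}
if [ -r "$webmin_conf" ]; then
    echo "port:      $(conf_get "$webmin_conf" port)"
    echo "transport: $(webmin_transport "$webmin_conf")"
    if ssl_module_present; then
        echo "Net::SSLeay: loadable"
    else
        echo "Net::SSLeay: missing (ssl=1 cannot take effect)"
    fi
fi
```

Set `WEBMIN_CONF` to point at a copy of the file to compare configurations from both systems on one machine.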