Connection to Webmin

Alexander Dalloz ad+lists at uni-x.org
Mon Dec 13 17:51:24 UTC 2004


On Mon, 13.12.2004, at 18:41, James Wilkinson wrote:

> antonio montagnani mentioned:
> > http://localhost:10000/ works
> 
> Alexander Dalloz wrote:
> > What is your problem with it? I would even say, running webmin over plain
> > http and not http/ssl secured is plain stupid.
> 
> In this particular example, it's merely bad practice. It's safe enough
> in that example because the data never leaves the machine (it will go
> over the loopback interface).  And if the computer is properly
> firewalled, no-one can get at port 10000 from outside. And the standard
> Fedora firewall will do this.

[ ... ]

> No, the reason I think it bad practice is simply because you may forget
> and think it safe when you do administer over a not-fully-trusted
> network.
> 
> James.

James,

of course your more detailed discussion is fully correct. I just took
the URL Antonio posted as an illustration. How many webmin users remotely
administer their host over a non-secured HTTP connection? That means they
log in as root this way. I fear there are a lot! Unfortunately.

From my point of view it would be best if webmin would require the HTTPS
connection under any circumstance. The only problem when installing from
sources is that it requires a Perl module to activate SSL.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 18:46:08 up 3 days, 13:26, load average: 0.63, 0.54, 0.58 
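
The distinction drawn in this thread (plain HTTP on loopback only versus plain HTTP reachable from the network) can be checked against a Webmin server configuration. The script below is an added example, not part of the original message or of Webmin itself; it assumes a miniserv.conf-style file of key=value lines using the keys `ssl`, `bind` and `port`, and it does not inspect the firewall.

```shell
#!/bin/sh
# Added example: classify how a Webmin-style server config exposes the login.
# Assumed format: key=value lines using the keys "ssl", "bind" and "port".

# Print the value of key $2 in file $1 (last occurrence wins), or nothing.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Classify config file $1 and print one verdict:
#   ok-ssl             SSL is enabled
#   loopback-only      plain HTTP, but bound to a loopback address only
#   exposed-plaintext  plain HTTP on a non-loopback address or all interfaces
webmin_transport_check() {
    ssl=$(conf_get "$1" ssl)
    bind=$(conf_get "$1" bind)
    if [ "$ssl" = "1" ]; then
        echo ok-ssl
        return 0
    fi
    case "$bind" in
        127.*|::1) echo loopback-only ;;
        *) echo exposed-plaintext ;;   # no bind line means all interfaces
    esac
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'port=10000\nssl=0\n' > "$demo_dir/plain_all"
printf 'port=10000\nssl=0\nbind=127.0.0.1\n' > "$demo_dir/plain_loopback"
printf 'port=10000\nssl=1\n' > "$demo_dir/ssl_on"
for f in plain_all plain_loopback ssl_on; do
    printf '%s: %s\n' "$f" "$(webmin_transport_check "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

A `loopback-only` verdict corresponds to the case described above as bad practice rather than an exposure; `exposed-plaintext` is the case where a root login would cross the network unencrypted unless a firewall blocks the port.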