Date: Wed, 3 Jan 2001 00:23:58 -0600 (CST)
From: "Jeffrey D. LaCoursiere"
To: Chris Shenton
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: FW: Prepaid Internet Service (fwd)

Agreed, and it is "on the list", just not high priority. Most
installations are happy with the security measures and are more worried
about their employees making off with parts than customer information...

We discuss the security measures suggested in our on-line documentation:

http://www.billmax.com/doc/docs/I.H.html

Thanks,

Jeff LaCoursiere
BillMax ISP Billing Solutions
The iSpark Group, Inc.

On 2 Jan 2001, Chris Shenton wrote:

> On Tue, 2 Jan 2001 15:59:09 -0600 (CST), "Jeffrey D. LaCoursiere" said:
>
> Jeffrey> It is true that most of the BillMax processes run as root.
> Jeffrey> This is only a security issue if the machine is accessible to
> Jeffrey> the outside world, which generally it is not. [...]
>
> I'll be doing some work for an ISP which just purchased BillMax. I'm
> a bit of a paranoid so running as root may bother me more than most --
> even if you've tried to close all the doors you can think of.
>
> I prefer the "principle of least privilege". While I'm not intimate
> with BillMax yet, I have done lots of work with apache, php, perl,
> mysql, radius, etc. I can't see that anything in BillMax would require
> running as root, since none of the components does. If not, I'd
> certainly prefer it to run as some non-root user, maybe even something
> like user "billmax".
>
> Thanks.