From owner-freebsd-chat  Mon Sep 29 19:23:07 1997
Return-Path: <owner-freebsd-chat>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id TAA25812
          for chat-outgoing; Mon, 29 Sep 1997 19:23:07 -0700 (PDT)
Received: from word.smith.net.au (ppp20.portal.net.au [202.12.71.120])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA25807
          for <chat@FreeBSD.ORG>; Mon, 29 Sep 1997 19:23:00 -0700 (PDT)
Received: from word.smith.net.au (localhost.smith.net.au [127.0.0.1])
	by word.smith.net.au (8.8.7/8.8.5) with ESMTP id LAA02242;
	Tue, 30 Sep 1997 11:50:18 +0930 (CST)
Message-Id: <199709300220.LAA02242@word.smith.net.au>
X-Mailer: exmh version 2.0zeta 7/24/97
To: Peter Korsten <peter@grendel.IAEhv.nl>
cc: chat@FreeBSD.ORG
Subject: Re: Microsoft brainrot (was: r-cmds and DNS and /etc/host.conf) 
In-reply-to: Your message of "Tue, 30 Sep 1997 01:15:55 +0200."
             <19970930011555.61645@grendel.IAEhv.nl> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 30 Sep 1997 11:50:17 +0930
From: Mike Smith <mike@smith.net.au>
Sender: owner-freebsd-chat@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> Mike Smith shared with us:
> > > If we're trying to convince people to put a FreeBSD based server into
> > > their existing Win95 (or Mac, or whatever) environment, what better
> > > configuration vehicle can we give them, than the machine already on
> > > their desktop?
> > 
> > Wes: Stop Right Here.  
> > 
> > If you can come up with a security model that makes this viable on an 
> > adequately large scale, I will *happily* abandon almost any other 
> > thought I might have of using any other interface and happily work 
> > under a browser.
> > 
> > If not, and I'm not convinced one way or another, then we have to give 
> > this idea the wide berth it will deserve.
> 
> In that case, this idea isn't the only thing that's going to be
> ditched...

No, you totally fail to understand the point I am making.

[... much obvious implementation crap elided ...]
> So what we need is said daemon, which should also work over networks,
> plus a collection of 'extended HTML' files. No big deal, right?

That's got nothing to do with it.

What has to exist is an adequately secure channel whereby the 
administrator can connect to the system(s) in question without risking 
compromise.  This has to include geek-in-the-middle attacks, password/
cookie sniffing, spoofing etc.

At this point in time, I'm not convinced that browser technology is 
there yet; I'm merely asking Wes (because his employer is actually 
doing things) if he has any good ideas.

By contrast, implementing the backend is relatively trivial.  Easily 
the largest hurdle is designing the interface, once you are sure of 
your security.

mike