From owner-freebsd-chat Tue Sep 30 23:38:53 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.7/8.8.7) id XAA22304
        for chat-outgoing; Tue, 30 Sep 1997 23:38:53 -0700 (PDT)
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22])
        by hub.freebsd.org (8.8.7/8.8.7) with SMTP id XAA22293
        for ; Tue, 30 Sep 1997 23:38:43 -0700 (PDT)
Received: from [199.104.124.49] [199.104.124.49]
        by mail.xmission.com with smtp (Exim 1.62 #4)
        id 0xGIQe-0002HT-00; Wed, 1 Oct 1997 00:38:39 -0600
Message-ID: <34320C04.5DB5@xmission.com>
Date: Wed, 01 Oct 1997 01:38:28 -0700
From: Wes Peters
Reply-To: softweyr@xmission.com
Organization: Softweyr LLC
X-Mailer: Mozilla 3.03 (Win16; I)
MIME-Version: 1.0
To: Mike Smith
CC: chat@freebsd.org
Subject: Re: Microsoft brainrot (was: r-cmds and DNS and /etc/host.conf)
References: <199709291521.AAA00645@word.smith.net.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Mike Smith wrote:
>
> > If we're trying to convince people to put a FreeBSD based server into
> > their existing Win95 (or Mac, or whatever) environment, what better
> > configuration vehicle can we give them, than the machine already on
> > their desktop?
>
> Wes: Stop Right Here.
>
> If you can come up with a security model that makes this viable on an
> adequately large scale, I will *happily* abandon almost any other
> thought I might have of using any other interface and happily work
> under a browser.
>
> If not, and I'm not convinced one way or another, then we have to give
> this idea the wide berth it will deserve.

OK, I'm working on this. (Got the old 486sx laptop fired up here in
San Hoser, and am slaving away on FreeBSD work as we speak. ;^) I've
been developing the prototype for the next generation of my embedded
web server on FreeBSD ;^) where it is working pretty well. I'm willing
to throw this in, if I can convince you (all-inclusive you here) that
it will be sufficiently secure. I can think of a couple of ways to
ensure this, but it won't be completely painless.

I believe most security-enabled browsers support SSL communications
for "secure" documents. They also support extended, and *extensible*
authentication protocols, a number of which might be acceptable in
conjunction with SSL. The part I'm not certain of is the interaction
with Lynx, which I feel is a necessity for our situation.

Another need is a simple local communications path, so we can use Lynx
to set up the machine via the console, VGA or serial. Perhaps a
UNIX-domain socket would suffice, or even a FIFO.

Adding "acceptable" users to the UI is quite complex, as well. You
would have to start with a default of "allow any local user" to
connect, and (hopefully) automagically promote that to "allow this
specific local user" to connect *very* quickly.

Comments or suggestions? I'm all ears. ;^)

Wes