From owner-freebsd-questions@FreeBSD.ORG Thu May 28 17:04:45 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 564E81065673 for ; Thu, 28 May 2009 17:04:45 +0000 (UTC) (envelope-from utisoft@googlemail.com) Received: from mail-fx0-f159.google.com (mail-fx0-f159.google.com [209.85.220.159]) by mx1.freebsd.org (Postfix) with ESMTP id D4E988FC15 for ; Thu, 28 May 2009 17:04:44 +0000 (UTC) (envelope-from utisoft@googlemail.com) Received: by fxm3 with SMTP id 3so940151fxm.43 for ; Thu, 28 May 2009 10:04:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:reply-to:in-reply-to :references:from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=2Kk3rzVzqPM5SGEGZB1GwU06jyQZByJkPFQq8xeIAso=; b=YOMgwHJxW4YAzcRJLw6ApX0FSUtBoI6qwFJ3jaLubrNqVzbWZst0TcleOqb3cwJ7bI qi7lF2selgP15L6Oe8hAw/Y+XwdJv7ZQRFfATu5ucKhn74/DZQNZ8trJG2yNIIiyN8Wi GyrlTCtejp+fjvkNvKL3iwGT44705r++3KQ0k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding; b=MNPr1asQrueQIIEHQG2Jc+TcMq9TashzsJ5cMioONZYKfBt6Si4A6AK39Nld4/6w4a 4zUgFXVTMv0lqE3GkBwxgXKT7T9XGyJ3MTDARVrzFjzxStmQh3MWK6MNg6pQITwTTPa8 DHy1PcHMhSF8uuqRJdUyDuQ8f0phQkFBBlnRo= MIME-Version: 1.0 Received: by 10.204.77.102 with SMTP id f38mr1384095bkk.62.1243530283555; Thu, 28 May 2009 10:04:43 -0700 (PDT) In-Reply-To: <20090528183801.82b36bbb.freebsd@edvax.de> References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th> <200905280847.12966.kirk@strauser.com> <200905280904.44025.kirk@strauser.com> <20090528183801.82b36bbb.freebsd@edvax.de> From: Chris Rees Date: Thu, 28 May 2009 18:04:23 +0100 Message-ID: To: Polytropon Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: Wojciech Puchar , freebsd-questions@freebsd.org Subject: Re: Remotely edit user disk quota X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: utisoft@gmail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 17:04:45 -0000 2009/5/28 Polytropon : > On Thu, 28 May 2009 09:04:43 -0500, Kirk Strauser wro= te: >> Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever >> breaking 10% CPU usage. =A0I'm of the opinion that most people don't nee= d to >> optimize for CPU in such cases when the security payoffs are so great. > > As Wojciech pointed out correctly before, security is only as > good as the weakest point. Of course you can add security by > using SSH, and it's definitely indicated when doing things via > the Internet. As long as you are inside your own net, covered > from the Internet, with only trustworthy machines inside it, > you could even use telnet. > > Connecting systems by a security tunnel that already adds means > of cryptography, and you consider this tunnel to be secure > enough, the above situation applies. But you can always SSH > inside a security tunnel, if you want. It just increases > security. "The more the better." :-) At the point where this > "the more" generates so much overhead that things are lagging, > stalling or just work much too slow, or slower than they > should, you can re-thing the situation. > > > > -- > Polytropon > >From Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ... I know I sound like Theo, but security and reliability are ALWAYS more important than overhead or speed. Always. Since the OP asked for How could I nicely and securely connect from the script on the web server to the file server, in order to edit the quota? It should be nice and secure and without password. He even said 'secure' twice. There is a web server involved, meaning possibility of compromise (we all know how secure web servers tend to be), and then one has access to network traffic for sniffing. Also, if this is for quotas, then surely the people accessing the server via *NFS* are inside the network? Chris --=20 A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in a mailing list?