Date: Tue, 03 Feb 1998 15:42:11 +0000
From: Colman Reilly <careilly@monoid.cs.tcd.ie>
To: Adrian Chadd <adrian@obiwan.creative.net.au>
Cc: hackers@FreeBSD.ORG
Subject: Re: WebAdmin
Message-ID: <199802031542.PAA16355@monoid.cs.tcd.ie>
In-Reply-To: Message from Adrian Chadd dated today at 22:57.

[Please redirect this to freebsd-config]

On Mon, 2 Feb 1998, Adam Turoff wrote:

Depends. <INPUT TYPE="HIDDEN"> ? I've written a couple of web-based SQL databases, and I have been able to successfully encode enough state into the webpages themselves to make the databases useable and stable.

Sure. Now remember we have to assume that people will be attempting to exploit the admin system as a security hole. We can't trust any state coming from a HTTP connection.

> Then there's also the question of security. Running a bunch of scripts
> that create users and such against Apache is not secure. Picking a port
> other than 80 or 8080 and possibly using SSL on it is marginally better.
>
Possibly. But then SSL on port 80 would be more than enough.

Enough for what? How many bits of SSL?

[Lots of fine talk deleted]

Look at Mike Smith's juliet stuff. Look at my thoughts on Portia/security stuff. Look at the mail archives on this topic. I'd really like to see people cooperating on this with a well thought out structure rather than see three sets of people head out into space.

Juliet is at: http://www.smith.net.au/~mike/freebsd.html
My stuff is at: http://www.cs.tcd.ie/~careilly/Portia/

Colman
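
An added example, not part of the original message: one way a server can refuse hidden-field state it did not issue, by sealing the value with a keyed MAC bound to the session and an issue time. The key, field layout, function names and five-minute lifetime are assumptions made for this illustration.

```python
import hashlib
import hmac
import time

# Assumption: a secret that never leaves the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key"
MAX_AGE = 300  # assumed policy: seconds a rendered form stays valid


def _tag(state, session_id, issued):
    # Session id and issue time are covered by the MAC, so a field copied
    # from another session or kept past its lifetime fails verification.
    # State goes last because it is the only part that may hold any byte.
    msg = "\x00".join((session_id, issued, state)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def seal_state(state, session_id, now=None):
    """Build the hidden-field value: state|issued|tag."""
    issued = str(int(time.time() if now is None else now))
    return "|".join((state, issued, _tag(state, session_id, issued)))


def open_state(field, session_id, now=None):
    """Return the state only if authentic, fresh and bound to this session."""
    try:
        state, issued, tag = field.rsplit("|", 2)
        age = (time.time() if now is None else now) - int(issued)
    except ValueError:
        return None  # malformed field: wrong shape or non-numeric time
    expected = _tag(state, session_id, issued)
    # Constant-time comparison on bytes; also tolerates non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if age < 0 or age > MAX_AGE:
        return None
    return state


if __name__ == "__main__":
    field = seal_state("uid=1001;action=passwd", "sess-A")
    print(open_state(field, "sess-A"))                           # accepted
    print(open_state(field.replace("1001", "0"), "sess-A"))      # None
```

The MAC only authenticates the field: the state is still readable by the client and can be resubmitted unchanged until it expires, so state that must stay secret or be single-use belongs on the server.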