From owner-freebsd-chat Wed Oct 1 04:55:26 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id EAA08561 for chat-outgoing; Wed, 1 Oct 1997 04:55:26 -0700 (PDT) Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA08550 for ; Wed, 1 Oct 1997 04:55:15 -0700 (PDT) Received: (from eivind@localhost) by bitbox.follo.net (8.8.6/8.8.6) id NAA20125; Wed, 1 Oct 1997 13:54:27 +0200 (MET DST) Date: Wed, 1 Oct 1997 13:54:27 +0200 (MET DST) Message-Id: <199710011154.NAA20125@bitbox.follo.net> From: Eivind Eklund To: Mike Smith CC: softweyr@xmission.com, chat@FreeBSD.ORG In-reply-to: Mike Smith's message of Wed, 01 Oct 1997 16:20:47 +0930 Subject: Re: Microsoft brainrot (was: r-cmds and DNS and /etc/host.conf) References: <34320C04.5DB5@xmission.com> <199710010650.QAA00865@word.smith.net.au> Sender: owner-freebsd-chat@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > > > OK, I'm working on this. (Got the old 486sx laptop fired up here in San > > Hoser, and am slaving away on FreeBSD work as we speak. ;^) > > Good to hear. 8) > > > I've been developing the prototype for the next generation of my > > embedded > > web server on FreeBSD ;^) where it is working pretty well. I'm willing > > to throw this in, if I can convince you (all-inclusive you here) that it > > will be sufficiently secure. I can think of a couple of ways to insure > > this, but it won't be completely painless. > > How do you feel about adding source-IP-based access control? That and > a local sshd in port-forwarding mode would just about do it. I'd like to support SSL, too, as Windows users has to do quite a bit of work to get hold of SSH (unless a freeware port has come along - I've not looked at SSH for Windows for a while). It isn't the ultimate priority, but it would make it much easier. (Especially if those pesky export-restrictions fall over and die). > SSL is, AFAIK, subject to certain undesirable licensing conditions (not > exportable, not available for commercial use, etc.) which may render it > unsuitable. SSLeay isn't too much subject to this; it was developed outside the US. We'd need it integrated in a web-server, though, and I don't know how the state of Apache-SSL is (Stronghold works just fine for my job, so I haven't looked at the freeware side of this). Eivind.