Date: Thu, 28 May 2009 14:44:45 -0500
From: Kirk Strauser <kirk@strauser.com>
To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
Cc: Polytropon <freebsd@edvax.de>, freebsd-questions@freebsd.org
Subject: Re: Remotely edit user disk quota
Message-ID: <200905281444.45342.kirk@strauser.com>
In-Reply-To: <alpine.BSF.2.00.0905282129560.61809@wojtek.tensor.gdynia.pl>
References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th>
 <20090528183801.82b36bbb.freebsd@edvax.de>
 <alpine.BSF.2.00.0905282129560.61809@wojtek.tensor.gdynia.pl>
On Thursday 28 May 2009 02:34:02 pm Wojciech Puchar wrote:
> And yes - i do log as root by "insecure" rsh and telnet.

OK, I'm now promoting you to "batshit insane". Seriously, there's no excuse for running telnet - even in a "secure" (ha!) environment - when so much better alternatives exist.

Let me shoot you a hypothetical: your webserver gets compromised. The intruder uses a little ARP poisoning to launch a MITM attack between your workstation and the database server. He comes back a couple hours later and uses your plaintext root password to make a backup of your database for his personal use.

Oh, but that could never happen to you, because you run a PtP VPN between every pair of machines on your network, said network being separated from the Internet by a 2 meter air gap and a Doberman Pinscher.

Seriously, using telnet today is flat-out stupid, and I'd fire you in a second if you brought that level of bullheaded incompetence into my company.

</rant>
--
Kirk Strauser