From owner-freebsd-hackers Wed Dec 10 15:25:19 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA02196 for hackers-outgoing; Wed, 10 Dec 1997 15:25:19 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from acroal.com (firewall0.acroal.com [209.24.61.154]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA02168 for ; Wed, 10 Dec 1997 15:25:09 -0800 (PST) (envelope-from jamil@acroal.com) Received: from localhost (jamil@localhost) by acroal.com (8.8.8/8.8.7) with SMTP id PAA25591; Wed, 10 Dec 1997 15:25:07 -0800 (PST) (envelope-from jamil@acroal.com) Date: Wed, 10 Dec 1997 15:25:07 -0800 (PST) From: "J. Weatherbee - Senior Systems Architect" To: Adam Turoff cc: hackers Subject: Re: FW: Why so many steps to build new kernel? In-Reply-To: <348F48D3@smginc.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk This makes no damn difference, obscurity is NOT security. See /usr/ports/net/strobe. > If you're interested in going town this path, I'd strongly recommend > taking a page from Netscape. Their servers use an admin server > to administer all instances of their httpd on a box. When installing > the server package, the install program picks a random port > 1024 > to use for running the admin server. The sysadmin can change > this port to something useful, but the idea here is that the > administration is not running on any "standard" port. > I certainly wouldn't want anything like kernel configs or sysadmin > type stuff happening over a standard port like 80 or 8080 with > clear text passwords. If I could use SSL on some bizzaro > port number, that would be really worth having. :-) > > -- Adam > > PS: Setting two servers to talk to each other so that they can > replicate configurations is left as an exercise for the reader. >