From owner-freebsd-config  Tue Feb  3 08:56:35 1998
Return-Path: <owner-config>
Received: (from daemon@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA22571
          for config-outgoing; Tue, 3 Feb 1998 08:56:35 -0800 (PST)
          (envelope-from owner-config)
Received: from inet-user-gw-1.us.oracle.com (inet-user-gw-1.us.oracle.com [192.86.155.82])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA22546
          for <config@freebsd.org>; Tue, 3 Feb 1998 08:56:30 -0800 (PST)
          (envelope-from ACHOWDHU.IN.ORACLE.COM.ofcmail@in.oracle.com)
Received: from insun023 (insun023.in.oracle.com [152.69.168.23])
	by inet-user-gw-1.us.oracle.com (8.8.5/8.8.5) with SMTP id IAA20255
	for <config@freebsd.org>; Tue, 3 Feb 1998 08:54:10 -0800 (PST)
Received:  by insun023 (SMI-8.6/37.8)
	id LAA06851; Tue, 3 Feb 1998 11:48:57 -0500
Message-Id: <199802031648.LAA06851@insun023>
Date: 03 Feb 98 21:42:30 +0530
From: "Atish" <ACHOWDHU.IN.ORACLE.COM.ofcmail@in.oracle.com>
To: config@freebsd.org
Subject: Auto-reply: Re: WebAdmin
Reply-to: ACHOWDHU.IN.ORACLE.COM.ofcmail@in.oracle.com
MIME-Version: 1.0
X-Mailer: Oracle InterOffice (version 4.1.1.3.40)
Content-Type: multipart/mixed; boundary="=_ORCL_2324155_0_0"
Sender: owner-config@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


--=_ORCL_2324155_0_0
Content-Transfer-Encoding:quoted-printable
Content-Type:text/plain; charset="iso-8859-1"

 
Hi, 
	I am on leave till mid Feb'98. Will try to get back to you as soon as 
possible. 
 
-regards 
Atish 
 
#..........................................................................#=
 
 
>From : Atish  Datta  Chowdhury 
       Oracle  Software  Development  Centre 
       India  Development  Centre 
       150  Embassy  Point 
       Bangalore  560001 
 
Telephone: (088) 2256099  Extn:496/atish 
e-mail: achowdhu@in.oracle.com 
 
#..........................................................................#=
 
 
          
 
 


--=_ORCL_2324155_0_0
Content-Type:message/rfc822

Date: 03 Feb 98 21:12:11
From:Colman Reilly <careilly@monoid.cs.tcd.ie>
To:Adrian Chadd <adrian@obiwan.creative.net.au>
Subject:Re: WebAdmin
Cc:hackers@FreeBSD.ORG
Reply-to:INUNIX2.IN.ORACLE.COM:config@FreeBSD.ORG 
Received:from inet16.us.oracle.com by insun023 with ESMTP (SMI-8.6/37.8) id KAA06513; Tue, 3 Feb 1998 10:44:10 -0500
Received:from smyrno.sol.net (mail@smyrno.sol.net [206.55.64.117]) by inet16.us.oracle.com (8.8.5/8.8.5) with ESMTP id HAA17698; Tue, 3 Feb 1998 07:51:18 -0800 (PST)
Received:from hub.freebsd.org (hub.FreeBSD.ORG [204.216.27.18]) by smyrno.sol.net (8.8.8/8.8.8/SNNS-1.02) with ESMTP id JAA20506; Tue, 3 Feb 1998 09:50:26 -0600 (CST)
Received:from localhost (daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA12614; Tue, 3 Feb 1998 07:50:25 -0800 (PST) (envelope-from owner-freebsd-hackers)
Received:by hub.freebsd.org (bulk_mailer v1.6); Tue, 3 Feb 1998 07:46:58 -0800
Received:(from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA12169 for hackers-outgoing; Tue, 3 Feb 1998 07:46:55 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received:from relay.cs.tcd.ie (relay.cs.tcd.ie [134.226.32.56]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA12133 for <hackers@freebsd.org>; Tue, 3 Feb 1998 07:46:34 -0800 (PST) (envelope-from careilly@monoid.cs.tcd.ie)
Received:from monoid.cs.tcd.ie (monoid.cs.tcd.ie [134.226.38.99]) by relay.cs.tcd.ie (8.8.7/8.8.7) with ESMTP id PAA10889; Tue, 3 Feb 1998 15:46:18 GMT
Received:from monoid.cs.tcd.ie (localhost.my.domain [127.0.0.1]) by monoid.cs.tcd.ie (8.8.5/8.8.5) with ESMTP id PAA16355; Tue, 3 Feb 1998 15:42:13 GMT
Message-Id:<199802031542.PAA16355@monoid.cs.tcd.ie>
X-Address:Department of Computer Science, Trinity College, Dublin 2, Ireland.
X-Phone:+353-(0)1-6081321
In-reply-to:Message from Adrian Chadd  dated today at 22:57.
Sender:owner-freebsd-hackers@FreeBSD.ORG
X-Loop:FreeBSD.ORG
X-To-Unsubscribe:mail to majordomo@FreeBSD.org "unsubscribe hackers"
MIME-Version: 1.0
Content-ID:<16350.886520530.1@monoid.cs.tcd.ie>
Content-Type:text/plain; charset=us-ascii
Content-Transfer-Encoding:7bit

[Please redirect this to freebsd-config]

     On Mon, 2 Feb 1998, Adam Turoff wrote:
     
     Depends.
     <INPUT TYPE="HIDDEN"> ?
     
     I've written a couple of web-based SQL databases, and I have been able
     to sucessfully encode enough state into the webpages themselves to make
     the databases useable and stable.
Sure. Now remember we have to assume that people will be attempting to
exploit the admin system as a security hole. We can't trust any state coming
from a HTTP connection.
      
     > Then there's also the question of security.  Running a bunch of
scripts
     > that create users and such against Apache is not secure.  Picking a
port
     > other than 80 or 8080 and possibly using SSL on it is marginally
better.
     >
     
     Possibly.  But then SSL on port 80 would be more than enough.
Enough for what? How many bits of SSL?

	[Lot's of fine talk deleted]

Look at Mike Smiths juliet stuff. Look at my thoughts on Portia/security
stuff. 
Look at the mail archives on this topic. 

I'd really like to see people cooperating on this with a well thought out
structure rather than see three sets of people head out into space. 

Juliet is at: http://www.smith.net.au/~mike/freebsd.html
My stuff is at: http://www.cs.tcd.ie/~careilly/Portia/

Colman

--=_ORCL_2324155_0_0--