Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 01 Oct 1997 01:38:28 -0700
From:      Wes Peters <softweyr@xmission.com>
To:        Mike Smith <mike@smith.net.au>
Cc:        chat@freebsd.org
Subject:   Re: Microsoft brainrot (was: r-cmds and DNS and /etc/host.conf)
Message-ID:  <34320C04.5DB5@xmission.com>
References:  <199709291521.AAA00645@word.smith.net.au>

next in thread | previous in thread | raw e-mail | index | archive | help
Mike Smith wrote:
> 
> > If we're trying to convince people to put a FreeBSD based server into
> > their existing Win95 (or Mac, or whatever) environment, what better
> > configuration vehicle can we give them, than the machine already on
> > their desktop?
> 
> Wes: Stop Right Here.
> 
> If you can come up with a security model that makes this viable on an
> adequately large scale, I will *happily* abandon almost any other
> thought I might have of using any other interface and happily work
> under a browser.
> 
> If not, and I'm not convinced one way or another, then we have to give
> this idea the wide berth it will deserve.

OK, I'm working on this.  (Got the old 486sx laptop fired up here in San
Hoser, and am slaving away on FreeBSD work as we speak.  ;^)

I've been developing the prototype for the next generation of my
embedded
web server on FreeBSD ;^) where it is working pretty well.  I'm willing
to throw this in, if I can convince you (all-inclusive you here) that it
will be sufficiently secure.  I can think of a couple of ways to insure
this, but it won't be completely painless.

I believe most security-enabled broswers support SSL communications for
"secure" documents.  They also support extended, and *extenable*
authentication
protocols, a number of which might be acceptable in conjunction with
SSL.
The part I'm not certain of is the interaction with Lynx, which I feel
is
a necessity for our situation.  Another need is a simple local
communications
path, so we can use Lynx to setup the machine via the console, VGA or 
serial.  Perhaps a UNIX-domain socket would suffice, or even a FIFO.

Adding "acceptable" users to the UI is quite complex, as well.  You
would
have to start with a default of "allow any local user" to connect, and 
(hopefully) automagically promote that to "allow this specific local
user"
to connect *very* quickly.

Comments or suggestions?  I'm all ears.  ;^)

	Wes



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34320C04.5DB5>