Re: Connection to Webmin

From: James Wilkinson (james_at_westexe.demon.co.uk)
Date: 12/13/04

    Date: Mon, 13 Dec 2004 17:41:23 +0000
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    antonio montagnani mentioned:
    > http://localhost:10000/ works

    Alexander Dalloz wrote:
    > What is your problem with it? I would even say, running webmin over plain
    > http and not http/ssl secured is plain stupid.

    In this particular example, it's merely bad practice. It's safe enough
    in that example because the data never leaves the machine (it will go
    over the loopback interface). And if the computer is properly
    firewalled, no-one can get at port 10000 from outside. And the standard
    Fedora firewall will do this.

    If the standard firewall is *not* enabled, but Webmin is only run from
    the machine in question, then the password still never leaves the
    machine, and an attacker is limited to finding bugs or brute-forcing the
    password. And SSH is as vulnerable.

    I'd even call it safe over a trusted network, where you are sure none of
    the machines are compromised, they're all under your control, and you
    can see the wires (although I still don't fully trust wireless
    encryption). A very small office or a home office, perhaps.

    No, the reason I think it bad practice is simply because you may forget
    and think it safe when you do administer over a not-fully-trusted
    network.

    James.

    -- 
    E-mail address: james | "Luck is my middle name," said Rincewind,
    @westexe.demon.co.uk  | indistinctly. "Mind you, my first name is Bad."
                          |     -- Terry Pratchett, Interesting Times
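
The distinction drawn in the message above (loopback-only versus network-reachable, plain HTTP versus SSL) can be checked against Webmin's own configuration. The following is an added example, not part of the original post; it assumes the usual `miniserv.conf` keys `port`, `ssl`, `bind` and `allow`, and the sample configurations are constructed.

```python
import ipaddress

def parse_miniserv(text):
    """Parse key=value lines from miniserv.conf-style text into a dict."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def is_loopback(entry):
    """True for localhost or a literal loopback address (127.0.0.0/8, ::1)."""
    if entry == "localhost":
        return True
    try:
        return ipaddress.ip_address(entry).is_loopback
    except ValueError:
        return False  # other hostnames and networks are treated as non-local

def assess(conf):
    """Classify exposure along the lines drawn in the message above."""
    tls = conf.get("ssl", "0") == "1"
    bind = conf.get("bind", "")            # empty: listen on all interfaces
    allow = conf.get("allow", "").split()  # empty: no source restriction
    local_only = is_loopback(bind) or (bool(allow) and all(map(is_loopback, allow)))
    if local_only:
        # The password never leaves the machine, with or without SSL.
        return "local-tls" if tls else "local-plain"
    # Reachable from other hosts: without SSL the password crosses the wire.
    return "network-tls" if tls else "network-plain"

# Constructed sample configurations, not taken from any real host.
SAMPLES = {
    "all-interfaces": "port=10000\nssl=0\n",
    "loopback": "port=10000\nssl=0\nbind=127.0.0.1\n",
    "allow-list": "port=10000\nssl=0\nallow=127.0.0.1 ::1\n",
    "lan-tls": "port=10000\nssl=1\nallow=127.0.0.1 192.168.1.10\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:15} {assess(parse_miniserv(text))}")
```

The host firewall is not visible from this file, so a `network-plain` result still needs the firewall rules for port 10000 checked separately.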
    
