Date: Wed, 7 Apr 1999 19:11:02 +0200 (CEST) From: Leif Neland <leifn@neland.dk> To: "Daniel O'Callaghan" <danny@hilink.com.au> Cc: "W. Reilly Cooley" <wcooley@nakedape.navi.net>, freebsd-isp@FreeBSD.ORG Subject: Re: Web Based Script Message-ID: <Pine.BSF.4.05.9904071905530.72972-100000@arnold.neland.dk> In-Reply-To: <Pine.BSF.4.10.9904071543390.54455-100000@enya.clari.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 7 Apr 1999, Daniel O'Callaghan wrote: > > > On Mon, 29 Mar 1999, W. Reilly Cooley wrote: > > I've considered a web-based interface for users to modify their > > configurations (mail forwarding, etc), but giving users access using their > > UNIX passwords through a web interface is a /big/ security hole. See > > http://www.apache.org/docs/misc/FAQ.html#passwdauth for an explanation. > > This might be reasonable, if, for example, you only permit access from > > within your net block. But even then it's sketchy... > > No more problematic than POP, and at least with web you can do it via SSL > using https rather than plaintext http. > At least POP puts a delay between the bad logins, which slows password guessing down. Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9904071905530.72972-100000>