Date: Thu, 02 May 2002 15:19:18 -0400 From: Bill Moran <wmoran@potentialtech.com> To: David Banning <david@skytrackercanada.com> Cc: questions@freebsd.org Subject: Re: security question Message-ID: <3CD19136.5040504@potentialtech.com> References: <20020502150908.A22313@mail.clubplus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
David Banning wrote: > I am running ssh. I am also running openwebmail. > > If I want to collect my mail from the web using openwebmail, then > people could see my password, and then log on as me with ssh. Yup, very bad ... the Apache server was compromised a little while back because of this kind of thing. > What is a the best way to deal with this? Depends on the exact circumstance > I tried setting up a second user with nologin ability but the privileges > are not in order for my mail box. That would be an excellent solution. Perhaps some research will uncover a way to make the permissions work. > I guess I could also run openwebmail with https? That's better than clear text, although https' 128bit encryption is starting to feel pretty weak in the light of 2ghz processors! -- Bill Moran Potential Technology http://www.potentialtech.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CD19136.5040504>