Date: Wed, 10 Dec 1997 19:06:36 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Adam Turoff <AdamT@smginc.com> Cc: hackers <hackers@freebsd.org> Subject: Re: FW: Why so many steps to build new kernel? Message-ID: <Pine.BSF.3.95.971210190407.1361F-100000@alive.znep.com> In-Reply-To: <348F48D3@smginc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Dec 1997, Adam Turoff wrote: > > > I was just thinking about this. I've been playing around with cgic > lately > > and I think it would be hilarious to have the kernel configuration on > the > > local web server (password protected of course). I saw an article the > > other day about windows 98 (not that I really care what MS is doing), > but > > apparently they are going web browser-centric, certainly that is > pushing > > it, but I was thinking how easy it might be set up something like this. > > I only considered it because I have decided to rewrite the interface > for a > > particular software package I worked on last summer to have a > significant > > portion of its interface web-able. This is less because I really want > to > > a more because *I HATE* designing X interfaces and this way I can have > > someone else do it. Plus windows can be a client to the server process > > (if it was up to me people would just telnet into the server port and > use > > it that way). > > I don't know about that. Sounds like a huge security hole. > > If you're interested in going town this path, I'd strongly recommend > taking a page from Netscape. Their servers use an admin server > to administer all instances of their httpd on a box. When installing > the server package, the install program picks a random port > 1024 > to use for running the admin server. The sysadmin can change > this port to something useful, but the idea here is that the > administration is not running on any "standard" port. That is not done for security, but for the oops factor and to let you mess with one server without having it bring down the admin server that (some people) need to fix it. > > I certainly wouldn't want anything like kernel configs or sysadmin > type stuff happening over a standard port like 80 or 8080 with > clear text passwords. If I could use SSL on some bizzaro > port number, that would be really worth having. :-) SSL is troublesome because the fascist US gov't patents basic math and is afraid that allowing people to export technology that the whole world already has will be a security risk. The sad truth is that the Internet would be far more secure if the US gov't wasn't so obtuse.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.971210190407.1361F-100000>