Date:      Tue, 16 Dec 1997 22:27:18 -0700
From:      Nate Williams <nate@mt.sri.com>
To:        Charles Mott <cmott@srv.net>
Cc:        Nate Williams <nate@mt.sri.com>, chat@FreeBSD.ORG, softweyr@xmission.com
Subject:   Re: Support for secure http protocols
Message-ID:  <199712170527.WAA11814@mt.sri.com>
In-Reply-To: <Pine.BSF.3.96.971216212337.6388A-100000@darkstar.home>
References:  <199712170414.VAA11573@mt.sri.com> <Pine.BSF.3.96.971216212337.6388A-100000@darkstar.home>

> > > Ssh and sshd are already universal in the unix world, and the Wintel
> > > variant (F-Secure) is reasonably priced.
> > 
> > And doesn't have nearly the necessary features, is unstable, and due to
> > port forwarding is a *huge* security risk unless the system
> > administrator has set things up securely.
> 
> Any secure server is a risk unless the administrator does his job.  Even
> after that it is still a risk.  Public key encryption is only as secure as
> the private keys. 

Yes, but the default setup means that any machine you can connect to
allows you to do port forwarding to any machine that the server machine
can connect to.  This feature is not widely understood/known about.

> What necessary features are missing?

The ability to have a connection to the HTTP server w/out requiring a
login account.  The ability to use arbitrarily run commands 'rsh' style
simply and easily.

> How easy are they to add to the
> framework so that they can make ssh (or a derivative) useful?

Not easy, because of Win95's inherent limitations.

> > SSH is a *GREAT* solution for many things, but for secure HTTP stuff I
> > don't think it's a very good solution.
> 
> I don't say use ssh for web commerce (yet), but if I had to set up a
> secure server (http, but maybe something else) for a limited clientele,
> then I personally would seriously consider an ssh solution.

But, that isn't necessarily what Wes was asking about.  Yes, SSH works
as a great 'secure' connection so you can limit your clientele, but it
also means that it is a 'limited' solution that requires a lot of
maintenance on the server/client end, and is not for the faint of
heart.

(We're using it locally, but it's non-trivial to set up and maintain.)

> It works well
> and it encapsulates both the security and legal headaches. 

Not legal, if your clients are not in the US.  (ITAR obnoxiousness.)



Nate
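
The default port-forwarding behaviour raised in the message above, as an added example that is not part of the original e-mail: a Python check of the global section of an `sshd_config`. It assumes present-day OpenSSH keyword semantics (`AllowTcpForwarding`, `PermitOpen`, `GatewayPorts`, first value wins) rather than the 1997 ssh the thread discusses; the function names and sample configs are constructed for illustration.

```python
# Added example: report the effective global TCP-forwarding policy of an
# OpenSSH sshd_config. Assumed semantics: keywords are case-insensitive,
# the first value seen wins, and unset keywords take the defaults below.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any", "gatewayports": "no"}

def forwarding_policy(config_text):
    """Return the global forwarding settings; Match blocks are not evaluated."""
    policy = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" or "Keyword=value" are both accepted by sshd.
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # everything after the first Match is conditional
        if keyword in DEFAULTS and keyword not in policy:
            policy[keyword] = value
    return {k: policy.get(k, d) for k, d in DEFAULTS.items()}

def findings(policy):
    """List forwarding exposures an administrator should review."""
    out = []
    fwd = policy["allowtcpforwarding"].lower()
    if fwd in ("yes", "all", "local") and policy["permitopen"].lower() == "any":
        out.append("clients may forward to any host:port the server can reach")
    if fwd in ("yes", "all", "remote") and policy["gatewayports"].lower() != "no":
        out.append("remote forwards may listen on non-loopback addresses")
    return out

# Constructed sample configurations.
STOCK = "Port 22\n#AllowTcpForwarding yes\nPermitRootLogin no\n"
HARDENED = "AllowTcpForwarding no\nMatch User tunnel\n    AllowTcpForwarding yes\n"
RESTRICTED = ("AllowTcpForwarding=local\nPermitOpen 192.0.2.10:80\n"
              "AllowTcpForwarding yes\n")  # second value is ignored

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED),
                       ("restricted", RESTRICTED)):
        policy = forwarding_policy(text)
        print(name, policy, findings(policy) or "no findings")
```
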


