Webmin security -- was: Hacked systems and the law

Phoenician phoenician at phoenixcolony.com
Wed Apr 23 16:23:52 CDT 2003


I use Webmin all the time and have it configured to work on SSL.
For extra security you can ratchet down access to it based on IP
address and specific users.  One MAJOR flaw in it though is that
it only supports passwords up to 6 or 8 characters and ignores
anything after that.  Ex: I am fond of long alpha-numeric passwords,
my shortest is about 9 characters and my longest is 23.  If I input
only 6 of say 10 characters it will accept that as the password as long as
the first 6 characters are correct.

Otherwise, it's a great GUI for quick and easy administration,
especially when I go on vacation and my #2 needs to cover for me.

- Michienne

-----Original Message-----
From: owner-kclug at marauder.illiana.net
[mailto:owner-kclug at marauder.illiana.net]On Behalf Of Bradley Miller
Sent: Tuesday, April 22, 2003 8:46 PM
To: kclug
Subject: Webmin security -- was: Hacked systems and the law

At 09:34 PM 4/22/2003 -0500, you wrote:
>I thought webmin was inherently insecure.  Wouldn't you feel better having
>direct, secure control over the config files?

Unfortunately I don't have a lot of time; a large portion of my time is on
development/graphics/etc...  Perhaps I'm spoiled, but the click here,
here, and here thing is a great thing for me.  I would think if you ran
Webmin on SSL that it would perhaps be a bit more secure?  Or am I in left
field here?  Thoughts?????
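
An added example, not part of the original thread and not Webmin code: a check an administrator can run against a password verifier they control, to see how many leading characters it actually compares. `make_store`, `significant_length` and the probe password are constructed for illustration; the truncating store only models the behaviour reported in the reply above.

```python
import hashlib
import hmac
import os


def make_store(max_len=None):
    """Build (set_password, verify) for a constructed password store.

    max_len models a verifier that silently drops input past max_len
    characters (assumption: mimics the behaviour reported in the thread);
    None hashes the full password.
    """
    record = {}

    def _hash(password, salt):
        if max_len is not None:
            password = password[:max_len]  # the silent truncation
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def set_password(password):
        record["salt"] = os.urandom(16)
        record["hash"] = _hash(password, record["salt"])

    def verify(candidate):
        return hmac.compare_digest(_hash(candidate, record["salt"]), record["hash"])

    return set_password, verify


def significant_length(set_password, verify, probe):
    """Return how many leading characters of probe the verifier checks.

    Sets probe as the password, then tries each shorter prefix. The shortest
    accepted prefix marks the truncation point; len(probe) means no
    truncation was observed.
    """
    set_password(probe)
    if not verify(probe):
        raise RuntimeError("verifier rejected the password it was just given")
    for n in range(1, len(probe)):
        if verify(probe[:n]):
            return n
    return len(probe)


PROBE = "Kx7!pQ2#vL9@mZ4$wR6&tY1"  # constructed 23-character test password

if __name__ == "__main__":
    for label, limit in (("truncating", 8), ("full-length", None)):
        setter, checker = make_store(limit)
        print(label, significant_length(setter, checker, PROBE), "of", len(PROBE))
```

A result shorter than the probe means every character past that point adds nothing to the password's strength, whatever length policy is enforced at entry.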



