Oh, I see... Your question was in the subject line, but not in the
message. You're english is fine, but I didn't see a precise question in
your first post (because it was in the subject, but not the message body).
Webmin+SSL is, at this point, historically more secure than SSH. Both
Webmin and the major SSH variants (both commercial and OpenSSH) have had
one major exploit in the past year, and SSH has had a couple of other
smaller exploits. A new exploit exists in the all previous versions of
OpenSSH at this very moment. So Webmin with SSL is historically more
secure than SSH for remote system administration. A discussion from a
couple of days ago also gives credence to the theory that Webmin is less
likely to be a target of attack than SSH because it is in less frequent use.
If you need more security than that, you're going to have to work at the
console and disable all network services (or at the least all services
that have root or special privileges that could be leveraged into root).
Popular wisom on the issue is that SSH is the 'correct' way to securely
administer a server remotely, but recent history is proving that popular
wisdom may not be thoroughly correct. At the moment, I am unsure of
what is the appropriate method of remotely administering my servers (I
am responsible for about 45 servers these days, so I have my hands
full). I'm hopeful that OpenSSH will get thoroughly straightened out
shortly and that no similar bugs will be discovered in OpenSSL.
Andrew.R.J wrote:
Well Joe,
Thanks for your reply, and maybe my english is not so good.
What I mean is : If I want to remote configure my host through internet,is
the webmin safe enough for it? I always think that only by SSL is not
enough.... So got this problem.
Maybe this problem is over the webmin scope...
Andrew
----- Original Message -----
From: "Joe Cooper" <joe@xxxxxxxxxxxxx>
To: <webadmin-list@xxxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, June 27, 2002 10:11 AM
Subject: Re: What is your considerate about the webmin Security?
I'm afraid I don't really get what you're asking, Andrew.
It can be used for what it was intended to be used for: Unix system
administration. If you have Unix systems in your enterprise that need
administering, then Webmin is for you. If all you've got is cash
registers, calculators and filing cabinets in your enterprise, then
Webmin probably isn't for you.
As for the key business...I don't know, does one use Unix systems in the
process of making keys?
Andrew.R.J wrote:
> Hey all,
>
> As you konw webmin is used by more and more people because it's
> really easy to use. I just care about it , can it be used in
> enterprise field or some key business? Would you give some words
> about it?
>
> Thanx
>
> Andrew
--
Joe Cooper <joe@xxxxxxxxxxxxx>
Web caching appliances and support.
http://www.swelltech.com
-------------------------------------------------------
This sf.net email is sponsored by: Jabber Inc.
Don't miss the IM event of the season | Special offer for OSDN members!
JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn
-
Forwarded by the Webmin mailing list at webadmin-list@xxxxxxxxxxxxxxxxxxxxx
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
--
Prendi GRATIS l'email universale che... risparmia: http://www.email.it/f
Sponsor:
Lavatrice imbizzarrita, frigo in panne, batteria scarica? QXservice ti
permette di trovare il professionista giusto, al tempo di un click!
Clicca qui: http://adv2.email.it/cgi-bin/foclick.cgi?mid=537&d=27-6
-¢�m§ÿåS(Ël²<«qçè®�§zßåS(ËlþX¬¶)ߣü�m§fS(ybst==
--
Joe Cooper <joe@xxxxxxxxxxxxx>
Web caching appliances and support.
http://www.swelltech.com
-------------------------------------------------------
This sf.net email is sponsored by: Jabber Inc.
Don't miss the IM event of the season | Special offer for OSDN members!
JabberConf 2002, Aug. 20-22, Keystone, CO
http://www.jabberconf.com/osdn
-
Forwarded by the Webmin mailing list at webadmin-list@xxxxxxxxxxxxxxxxxxxxx
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
