[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Steph Foster wrote:
tom wrote:Steph Foster wrote:T Brownen wrote:Thanks Steph Is this recommendation on use or something else. Thanks TrevorPersonally I have always regarded Webmin as an exploit waiting to happen. You only have to google for webmin exploits to see that. I'd rather not have to keep watching the bugtraq lists to keep up to date and worrying about unknown 0-day bugs when the security of a system is involved. Of course the GUI based nature of webmin appeals to many but I would rather SSH to a box and do stuff on the command line. It is a pain but if your box is important or mission critical I think I'd accept the burden of learning the command line options. StephHTTPS Tom te tom te tomOk it encrypts the information but you can still seek to attack the web server Apache regularly has holes fixed in it. Https wont stop you exploiting the server if there is a vulnerability there. Steph
I'd put good money on the SSH password being the weakest link in either.If you only want to use webmin you can configure it and apache as tightly as SSH
If youre using apache anyway the point is moot. Tom te tom te tom -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html