|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Securing Admin Pages
- To: cobalt-security@xxxxxxxxxxxxxxx
- Subject: Re: [cobalt-security] Securing Admin Pages
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Thu, 21 Feb 2002 10:47:35 -0800
- List-archive: <http://list.cobalt.com/pipermail/cobalt-security/>
- List-help: <mailto:cobalt-security-request@list.cobalt.com?subject=help>
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
- List-post: <mailto:cobalt-security@list.cobalt.com>
- List-subscribe: <http://list.cobalt.com/mailman/listinfo/cobalt-security>, <mailto:cobalt-security-request@list.cobalt.com?subject=subscribe>
- List-unsubscribe: <http://list.cobalt.com/mailman/listinfo/cobalt-security>, <mailto:cobalt-security-request@list.cobalt.com?subject=unsubscribe>
- Organization: nobaloney.net
- References: <B89A8B95.5DAB%declan@kamera.com>
- Reply-to: cobalt-security@xxxxxxxxxxxxxxx
- Sender: cobalt-security-admin@xxxxxxxxxxxxxxx
Declan Caulfield wrote: > However, this offers just a little more security, as if you sniff the admin > password and use it to log in to the admin pages via HTTP:81 a would be > hacker can change both the root and admin passwords using the Administrator > button. Why would you or anyone send your password in clear text when all you have to do is self-issue a cert to get 128-bit ssl protection? > Rule of thumb, change your admin password regularly. Rule of thumb, don't use http; use a secure cert (even a self-signed one) and https. Jeff -- Jeff Lasman <jblists@xxxxxxxxxxxxx> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484
- Follow-Ups:
- Re: [cobalt-security] Securing Admin Pages
- From: Matthew Nuzum
- Re: [cobalt-security] Securing Admin Pages
- References:
- Re: [cobalt-security] Securing Admin Pages
- From: Declan Caulfield
- Re: [cobalt-security] Securing Admin Pages
- Prev by Date: Re: [cobalt-security] Securing Admin Pages
- Next by Date: Re: [cobalt-security] self signed certificate warnings
- Previous by thread: Re: [cobalt-security] Securing Admin Pages
- Next by thread: Re: [cobalt-security] Securing Admin Pages
- Index(es):
