[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Quick security guide
- Subject: Re: [cobalt-security] Quick security guide
- From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 17 Jan 2002 16:53:41 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Eugene,
> Following up my own posting to this list and subsequent comments,
> I've assembled a web page with short security guide.
nice work. However, I'd like to point out a two edged sword in there:
For "scp" you need ssh and shell access for the users, as you have
correctly pointed out in your writeup. Well, giving people shell access
opens the gates for other problems as there are quite a few things even
an unprivileged user can do from the inside.
So I wonder what's worse: having the unwashed masses storming your
unsecured proFTPd port, or the chance of having one foul apple with
shell access in the basket.
In the end it is a matter of personal preference, as there are very few
other alternatives available. Unless you opt for one of the various
Secure-FTP or Safe(F)TP daemons available.
--
With best regards,
Michael Stauber
SOLARSPEED.NET