[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Securing Admin Pages
- Subject: [cobalt-security] Securing Admin Pages
- From: duncan gray <duncanrobertgray@xxxxxxxxx>
- Date: Thu, 21 Feb 2002 01:05:34 -0800 (PST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
Ive recently just had one of my websites hacked on my
server I have know Idea how as I thought my server was
pretty secure, As I've kept up to date with all the
latest patches, switched my tellnet over to SSH, and
so forth, my bigest guess is that you have to pass the
root password to the machine while logging in over the
Web admin pages, this scare me some what. But raises
some questions in my mind.
A. is there a way to make the main admin pages work
off a different user account, If not why not as it
seems like a huge security hole to me.
B. Secondly I dont know much about certificates, but
Is it possible to issue a client certificate or some
sort of certificate so you can limit only certain
browsers/users to access that site? and making sure
that the link between the server and the client is
secure?
Thanks
Duncan.
__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com