[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Securing Admin Pages

Subject: Re: [cobalt-security] Securing Admin Pages
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Thu, 21 Feb 2002 10:47:35 -0800
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Declan Caulfield wrote:

> However, this offers just a little more security, as if you sniff the admin
> password and use it to log in to the admin pages via HTTP:81 a would be
> hacker can change both the root and admin passwords using the Administrator
> button.

Why would you or anyone send your password in clear text when all you
have to do is self-issue a cert to get 128-bit ssl protection?

> Rule of thumb, change your admin password regularly.

Rule of thumb, don't use http; use a secure cert (even a self-signed
one) and https.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

Follow-Ups:
- Re: [cobalt-security] Securing Admin Pages
  - From: Matthew Nuzum

References:
- Re: [cobalt-security] Securing Admin Pages
  - From: Declan Caulfield

Prev by Date: Re: [cobalt-security] Securing Admin Pages
Next by Date: Re: [cobalt-security] self signed certificate warnings
Previous by thread: Re: [cobalt-security] Securing Admin Pages
Next by thread: Re: [cobalt-security] Securing Admin Pages

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index