[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Securing Admin Pages
- Subject: Re: [cobalt-security] Securing Admin Pages
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Thu, 21 Feb 2002 10:47:35 -0800
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Declan Caulfield wrote:
> However, this offers just a little more security, as if you sniff the admin
> password and use it to log in to the admin pages via HTTP:81 a would be
> hacker can change both the root and admin passwords using the Administrator
> button.
Why would you or anyone send your password in clear text when all you
have to do is self-issue a cert to get 128-bit ssl protection?
> Rule of thumb, change your admin password regularly.
Rule of thumb, don't use http; use a secure cert (even a self-signed
one) and https.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484