
Re: [cobalt-security] Securing Admin Pages



"Dave" <maxdoubt@xxxxxx> wrote:
> *IF* a hakker has the root password, yer box is owned.  If they get the admin
> password, they go to the GUI and change the admin password which changes the
> root pass to match and you're still screwed.

Remap the server admin GUI to a different directory.  See either httpd.conf
or srm.conf depending on which RaQ you have.  Security by obscurity, but
that doesn't mean it's a bad idea.

> I'm still looking for the benefit
> of having separate passwords on the Raq?  I assumed this is why Jeff said 'no
> easy way' to do this on a Raq?

I'm not going to put words in Jeff's mouth, but another problem is that
resetting the admin password in the GUI resets the root password.  That's
either a feature or a bug depending on how you look at it.  In any case, if
you do set root's password to be different from admin's it's best to make a
mental note of that.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/