Re: [cobalt-security] Securing Admin Pages
- Subject: Re: [cobalt-security] Securing Admin Pages
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Sat, 23 Feb 2002 00:31:53 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
"Dave" <maxdoubt@xxxxxx> wrote:
> *IF* a hakker has the root password, yer box is owned. If they get the admin
> password, they go to the GUI and change the admin password which changes the
> root pass to match and you're still screwed.

Remap the server admin GUI to a different directory. See either httpd.conf
or srm.conf depending on which RaQ you have. Security by obscurity, but
that doesn't mean it's a bad idea.

> I'm still looking for the benefit
> of having separate passwords on the RaQ? I assumed this is why Jeff said 'no
> easy way' to do this on a RaQ?

I'm not going to put words in Jeff's mouth, but another problem is that
resetting the admin password in the GUI resets the root password. That's
either a feature or a bug depending on how you look at it. In any case, if
you do set root's password to be different from admin's it's best to make a
mental note of that.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/