[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] SSL on ASP Admin Panel
- Subject: [cobalt-security] SSL on ASP Admin Panel
- From: duncan gray <duncanrobertgray@xxxxxxxxx>
- Date: Mon, 29 Apr 2002 04:55:57 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hiya this one is always a pain, fact is the admin
pages again as far as I can figure out from looking
into the depths of my raqs is that the admin GUI runs
off another version of apache, I could be wrong here
as I didnt really spend much time looking into things
and took a bit of a guess.. but . the problem is is
when you go to http://mysite/admin it does a redirect
straight away, so securing mysite is useless with ssl.
The next problem is that it does a redirect to a url
running on another port, (81) this is not the port SSL
runs on so I dont even know if your web browser would
regognise SSL as running even if you put managed to
secure you main domain for the server. Sombody who
really knows what they are doing needs to look into
this problem and get it sorted, as ....
The whole point of being able to use the raq, is that
you can use the WEB ADMIN PAGES to simplify things, if
you dont intend to use them you might as well get a
blank box and install Red hat on it.
Secondly I'm scared to log onto my raqs admin pages,
as the root password for the machine is sent in PLAIN
TEXT! across the network. So anybody sniffing can pick
it up, I personally think this is one of the biggest
flaws about the RAQ and should be solved ASAP.
Hope sombody is prepared to look into this. Im sure it
should be SUN who should be looking into this, but I
doubt they will.
Regards.
Duncan.
__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com