Posted by Niels on 02/11/05 20:27
Hi,
 Richard Lynch wrote:
 > I suspect that people who looked into doing this fall into two categories:
 >
 > Those who heeded the experts who told them "Don't do that" and didn't do
 > it.
 >
 > Those who ignored the experts, went ahead and did it, and cobbled together
 > enough band-aid security measures to be "Okay" with it, but not something
 > they want to publish what they did, because then it would be too easy to
 > attack them.
 >
 > Actually, there's probably a third category:  Those who don't even really
 > own their own machines any more because they got root-ed. :-v
 >
 
 I know you're trying to cheer me up, but this isn't helping! ;-)
 
 I have this theory that if what you're trying to protect is important
 enough, somebody will get through the security barriers eventually. That
 goes double for the internet. A good point that I've failed to bring up is
 the question "How secure do you need it to be?". I think that's an
 important consideration.
 
 Your three groups sound quite accurate, but my big problem is that when a
 program _has_ to do these things, I'm left in group #2, because I can't
 find any tried-and-tested methods. This is not usually the case with PHP,
 the community always seems to provide good solutions. I'm left in group #2
 until I've become an expert in this myself, several unpaid years into the
 future...
 
 Webmin is a common tool, and if their security measures don't hold up, then
 we're in big trouble. I believe they're using PAM somehow, I'll look into
 that. Until then, it's a sudo scheme.
 
 
 Thanks again,
 Niels