On Thu, 18 Dec 2008 00:13:28 +0200, Alan McKinnon wrote: > But back onto your original question. Webmin is a problem that cannot > be fixed. It needs to have root priviledges, the root password needs to > go over the wire to the webmin http server, and to the best of my > knowledge is not subject to routine security scrutiny. I would not > trust it further than I can throw it, and that's not very far.
To be fair, they do recommend that you run webmin over HTTPS if using it over the Internet, but SSH does give the added benefit of key-based authentication. -- Neil Bothwick I've got the taglines if you've got the time!
signature.asc
Description: PGP signature
