On Sunday 01 September 2002 09:58, Nathan Angelacos wrote: > Hey Lynn, thanks for your comments. > > I guess we are approaching this from slightly different starting > assumptions. My assumption is that the webbased configuration engine > is just a pretty face on lrcfg. > > The model I'm thinking of is "you buy a linksys router, you plug it > in to your LAN, look at the sticker on the router, and it says that > if you point your web browser at 192.168.0.254, you'll get the > configuration web page." No passwords - you're in as admininstrator, > configuring the router for first use. All it is doing is editing the > equivalent of /etc/interfaces; /etc/network.conf or whatever, and > then bringing up the interface. Right? > > Similarly, we could say that the security of lrcfg is the strength of > your root password for the internal interface, and whether you allow > inbound telnet or ssh on your external interface. Once the someone > gets in as root, I really don't care if he abuses lrcfg - he already > owns the box. :-)
I'm following you now.... that makes since and it would make it necessary to bring up the default (index?) page as a login only page (duh!). There may (or may not) be a defaut password to enter the configuration menu via www. It would also be advisable to run the server on something like port 81 so it would not be as likely to be "accidentally" accessed in the first place. <snip> I agree with the rest of what your saying... I was taking several steps further than you intended to in the application itself. Thx for clarifying! -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
