"Dave" <[EMAIL PROTECTED]> wrote: > *IF* a hakker has the root password, yer box is owned. If they get the admin > password, they go to the GUI and change the admin password which changes the > root pass to match and your still screwed.
Remap the server admin GUI to a different directory. See either httpd.conf or srm.conf depending on which RaQ you have. Security by obscurity, but that doesn't mean it's a bad idea. > I'm still looking for the benefit > of having separate passwords on the Raq? I assumed this is why Jeff said 'no > easy way' to do this on a Raq? I'm not going to put words in Jeff's mouth, but another problem is that resetting the admin password in the GUI resets the root password. That's either a feature or a bug depending on how you look at it. In any case, if you do set root's password to be different from admin's it's best to make a mental note of that. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
