On Wed, 19 Jul 2000, you wrote:
> On Tue, Jul 18, 2000 at 03:29:36PM -0800, Civileme wrote:
> > I probably should recommend it more than I do.  But, when not configured
> > properly, it is as much a problem as BackOrifice is to Windows (Webmin's
>
> That makes me think.  What do you mean by configuring Webmin correctly, or
> how do I configure it right?
>
It is passworded for access, but possibly subject to dictionary attack.  The 
password goes over TCP/IP from remote locations in the clear and *can* be 
intercepted.

But that will do absolutely no good if you click on webmin configuration, 
select IP Access, and set up a list of IP addresses from which it can be 
accessed.  Then the snoop trying to get in can do so from a limited number of 
machines, which are those in your control.

You can get even more fine-grained as you progress.  Normally I recommend to 
the new user to use ONLY 127.0.0.1 until he/she has a good understanding of 
how to set up security on Webmin and server packages.

Webmin _could_ be run from a chroot jail, of course, but then it would be 
almost useless except for configuring things inside the jail.

Civileme


> Alexander Skwar
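A short audit of the settings the message above talks about, as an added example that is not part of the original email or of Webmin itself. It assumes the IP Access list is stored as an `allow=` line and SSL as `ssl=1` in Webmin's `miniserv.conf` (usually `/etc/webmin/miniserv.conf`); the sample configurations are constructed.

```python
import ipaddress

def parse_miniserv(text):
    """Parse key=value lines of a miniserv.conf-style file into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings about who can reach the Webmin login and how."""
    conf = parse_miniserv(text)
    findings = []
    entries = conf.get("allow", "").split()
    remote = not entries  # no allow list means every address is accepted
    if not entries:
        findings.append("no allow list: any address can reach the login page")
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Hostnames and patterns cannot be checked offline (assumption:
            # anything that is not an IP or network needs a manual look).
            findings.append(f"allow entry {entry!r} is not an IP: review by hand")
            remote = True
            continue
        if net.is_loopback:
            continue
        remote = True
        if net.num_addresses > 256:
            findings.append(f"allow entry {entry} covers {net.num_addresses} addresses")
        else:
            findings.append(f"allow entry {entry}: confirm the machine is under your control")
    if remote and conf.get("ssl", "0") != "1":
        findings.append("ssl is off: the password crosses the network in the clear")
    return findings

# Constructed sample configurations.
OPEN = "port=10000\nssl=0\n"
LOCAL_ONLY = "port=10000\nssl=0\nallow=127.0.0.1\n"
MIXED = "port=10000\nssl=1\nallow=127.0.0.1 192.0.2.10 0.0.0.0/0 admin.example.org\n"

if __name__ == "__main__":
    for name, sample in (("open", OPEN), ("local only", LOCAL_ONLY), ("mixed", MIXED)):
        print(name, audit(sample))
```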
