"Ramasubramanian,Suresh" proclaimed:
> It is generally a security risk to have _any_ domain control panel
> accessible through the web, no matter that it is on some weird port ...
Very good point. A run of nmap will easily reveal to any potential cracker
what is running on a target machine and on which port number.
If you *are* going to have a web based control panel, I recommend the
following ways of securing it:
0. Have password based authentication.
1. Run the server providing the web based control panel on some
non-standard port.
2. Run it on SSL.
3. Configure it to allow connections only from a pre-defined set of domain
names / IP addresses.
My biggest problem with many of these "user friendly" system management
interfaces is the fact that they don't co-exist well with editing files by
hand. I first encountered this problem with the web-based Solaris
administration interface from 2 years ago.
There are frequent talks about an XML based config file architecture in the
debian-devel mailing list. Because it finally affects *so* many individual
pieces of software I don't think it is going to happen over the next year.
Thaths
--
Homer: Good old Evergreen Terrace: the swankiest street in the
classiest part of Pressboard Estates.
Bart: Well if you love it so much, why are you always littering?
Homer: It's easier, duh.
Sudhakar C13n http://www.aunet.org/thaths/ Lead Indentured Slave
-----------------------------------------------------------------------
For information on this and other Linux India mailing lists check out
http://lists.linux-india.org/
