On 1/25/07, Passeur <[EMAIL PROTECTED]> wrote:
Thanks for your feedbacks guys. Of course the idea is not to introduce silly and easy security holes in OpenBSD. So we will go for the most secure platform possible.
These foofy web management interfaces seldom result in that.
As for SSH comments, of course I agree, but this interface is a framework to manage OpenBSD based appliances but also an Operation Management software that aims to be used by anybody, even Unix newcomers.
There's an issue that is perhaps larger than security holes. You may have a box with vulnerabilities that may not even be exposed to threats given the other variables such as access control around the server and exposure and stuff. Think about what you've got; a web interface designed with gobs of forms that call procedures that perform some logic and one way or the other end up creating configuration files or shell commands that are sent to your server for execution or replacement of old configs. Why? Why not just have your administrator learn how to administer the system and type in the commands himself and update the configs himself? Is a half-baked admin who can't administer a Unix system worth putting in charge of the Unix system? You've got to spend a boatload of time designing forms that are complex enough to provide an interface into every aspect of the system that you might need to configure the components you'll need to. Then you've got to design your solution for processing those forms and (optionally, shoving values into a database?) massaging that input into valid configuration files or commands that are then sent over to the system. Depending on how you handle it, you'll likely end up with situations where modifications need to be made to the system in "the old way" anyway, and your scripts aren't designed to handle them correctly. Maybe you'll have mistakes in your code that does something that corrupts your configuration and makes troubleshooting and diagnosing what happened more difficult. Inevitably, you'll find the need to make a change which somehow prevents your automated web script based system from making future modifications because of a format error. One way or the other, you end up with a system management problem and a lot of needless time thrown down the drain just because someone didn't want to read the docs and learn Unix. Look at the various failures and problems that Webmin has caused people in the past, it's lack of flexibility managing the whole of the system, and then you'll understand why sysadmins shun this kind of garbage. On the other hand, one system that some people do like is the WebGUI system that Kasper designed for m0n0wall. It does this kind of thing, and some say it does it well. The problem is (or maybe not a problem) that m0n0wall is designed to encompass a very limited part of the system and gives a restricted interface to the user; things pertaining to setting up a network router, firewall, VPN, or one of a small handful of applications type server are there. The vast majority of the system is not administerable through WebGUI. And in the end, it doesn't prevent you from shooting yourself in the foot; you can still have a bumbling admin enter bad configurations and blow it up. Best of all; last I remember m0n0wall doesn't provide a shell or SSH access to get around the boo-boos. My $0.02, but you did ask for opinions. DS
