From: [EMAIL PROTECTED]
Subject: Unix security concerns.
Help.
I have been contracted to install the free server on a FreeBSD server
which I administer with the intention of purchasing one of the commercial
servers once the proof of concept is developed.
Since the streaming occurs on a privileged port I had to install this as
root. The server DOES NOT suid to a less privileged user after binding
to the ports but rather runs around reading and writing files as root.
There seems no attempt to encrypt the passwords used for
administration (not even digest). Everything in the configuration
including the mystery (easily scanned) port and passwords
are in the clear.
I am VERY uncomfortable with this and wonder if the commercial servers are
any better at addressing these issues. I discussed this with another
administrator who had one of her assistants install the server and she had
to take the server down rather than compromise her clients.
Any suggestions on how to run the server securely would be very
appreciated. My preference would be to leave the ports at their default
locations.
Thanks.
Don.
Donald Davis,
Digithink, Inc.
*******************************************************
The RealForum is an email discussion group focused on using RealNetworks
products. The RealForum is a place to post messages about the best methods
for creating content using RealNetworks technologies and the planning and
implementation of streaming-media web sites.