On Wed, 7 Jun 2000, Adrian Likins wrote:
> On Tue, Jun 06, 2000 at 10:10:06PM -0400, Trond Eivind Glomsrød wrote:
> > [EMAIL PROTECTED] (Prasanth A. Kumar) writes:
> >
> > > I don't know if anyone has ever tried Webmin but I can say it is much
> > > more user friendly and less intrusive than Linuxconf. I think Redhat
> > > should seriously look at replacing Linuxconf with Webmin.
> >
> > We have.
> >
> > > I guess the most serious limitation to Webmin is that it runs over a
> > > browser, which can be a problem in text mode.
> >
> > One of them.
>
> Somewhat concerned about the security implications as well. While
> working in support, I've seen several hosts exploited via webmin. In that
> regard, it's second only to old bind/admrocks exploits.
>
> Now, I should mention that for almost all cases, these were machines
> that were essentially "admin-free", and I suspect the installations of webmin
> were suboptimal. Haven't been able to find any known exploits in webmin
> either, but the sheer volume of exploited machines scares me a bit.
Webmin could use some cleanup in terms of what the default installation is
and possibly a scheme like the one used in satan in that the program did
not run on a specific port but would run up a random port and pass the
information to the web browser invoked at the same time.
Alvin Starr || voice: (416)585-9971
Interlink Connectivity || fax: (416)585-9974
[EMAIL PROTECTED] ||
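
The random-port scheme suggested in the message above, as an added example that is not part of the original post and is not Webmin or SATAN code. It goes one step beyond the message by assuming a per-run secret token in the URL, since a random port alone can be found by scanning; `start_admin_server` and `fetch_status` are hypothetical names.

```python
import http.server
import secrets
import threading
import urllib.error
import urllib.request


def start_admin_server():
    """Bind to loopback on an OS-chosen port; return (server, URL with token)."""
    token = secrets.token_urlsafe(32)  # assumption: per-run secret, not in the post

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            # First path segment must equal the token (constant-time compare).
            supplied = self.path.strip("/").split("/", 1)[0]
            ok = secrets.compare_digest(supplied.encode(), token.encode())
            self.send_response(200 if ok else 403)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(b"admin console\n" if ok else b"forbidden\n")

        def log_message(self, fmt, *args):
            pass  # keep token-bearing request paths out of stderr logs

    # Port 0 lets the kernel pick a free port; 127.0.0.1 keeps it off the network.
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    return server, f"http://127.0.0.1:{port}/{token}/"


def fetch_status(url):
    """Return the HTTP status code for url, bypassing any configured proxy."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    import webbrowser
    srv, url = start_admin_server()
    webbrowser.open(url)  # hand the URL to the browser invoked at the same time
    input("Press Enter to stop the server\n")
    srv.shutdown()
```
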