-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ed Wilts wrote:
>> how stupid/dangerous would it be to run a server from home running nfs so >i >> could access it from work? > >Bluntly put, very stupid and dangerous. NFS is affectionately known to >stand for No F*cking Security. Basically the protocol works by trusting the >client. Since you can not trust the client in a wide-area scenario, you're >opening yourself up for disaster. You could get away with exposing a small >subset of your files to read-only NFS access, but anything other than that >can be written is wide-open to the world. No quarrel with the above, but I'd suggest that it's more justifiable if you are restricting the export to a net block which you control, or to a single address. If you're only connecting from a single static IP address, and you have faith that you alone control that address, you might be ok with this. But be aware that we're talking about cleartext traffic here, so the data itself is exposed, which may or may not matter to you. The preferred quick-and-dirty here is definitely an ssh tunnel, and even then only from a trusted client. - -d - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp - -- http://setiathome.ssl.berkeley.edu/pale_blue_dot.html -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQA/AwUBPGMx179BpdPKTBGtEQKAPgCfUd+zyVmoPfbpfzzizrtzygHSnPwAn3us bOmU4rrCtYomz7trHzSs4L6S =sKpt -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
