Menu
▾
▴
Re: [webmin-l] Webmin security risk!
|
From: <jer...@li...> - 2006-08-25 13:19:25
|
>> It could at least be encrypted with a private key and then decrypted >> inside Webmin to pass to the other systems. This would add to the >> inconvenience of abusing the password, should it be viewed, but any >> impression of this being a secure solution is an illusion. >> Even using asymmetric keys, as in ssh, Webmin would still hold some >> credential which could be copied and abused. >> It's an intractable problem. >> --r >> > Private keys are a one way incription mechanism. You have to know the > original password, and then encrypt it with the public key to see if the > result is the same. In our case, we want a method that will allow webmin > to know the password. There is no simple anwer here. If Webmin encrypts > the password, then any potential hacker can use the encrypription method > from Webmin to retrieve it. Just a waste of time. > You close your door after leaving your home but any people can open it with right tools. If you let it open, people are encouraged to enter... Poor protection is better than none. ___________________________ http://www.lo2k.net |
