Webmin Corrections (was: Re: This monday: Webmin, Gentoo)

Derek Martin invalid at pizzashack.org
Fri Jul 30 14:58:00 EDT 2004


On Fri, Jul 30, 2004 at 12:47:30PM -0400, Travis Roy wrote:
> >2. Run the Apache server on an unusual port.  Security by obscurity
> >   will not stop a determined hacker, but it IS a valuable tool
> >   against (a) automated scripts and (b) casual attackers looking for
> >   an easy target.
> 
> Webmin does not require Apache; it runs its own webserver.

While this is true, in many (if not most) cases it makes sense to run
it under Apache.  Apache is faster, more memory efficient, and
probably more secure, being a very mature and well-developed project.
The Webmin server is a very simple implementation written as a Perl
script, and not as well developed, by the author's own admission.

  http://www.webmin.com/apache.html

> It already runs on a non-standard web port (default is 10000) and

Sure, but the point is to run /Webmin/ on a non-standard port...  If
people are trying to exploit a bug in Webmin, they're going to go
looking for it on the default Webmin port, not on port 80/443.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
