On Mon, 2006-02-06 at 11:11, Jim Perrin wrote:
> > The same is true for ssh... And would you rather have a tool
> > where problems have been found and fixed or where they haven't
> > been found ...yet?
> Circular argument here. Are you saying that ssh has holes, or that
> because webmin has had known holes in the past that were fixed that it
> is hole-free now? Both ssh and webmin could have unpatched holes.
> Track records for security speak a great deal about a product <insert
> Anti-microsoft comment HERE>.
I meant that ssh has also had problems in the past, so the
same track record logic applies.
> More than anything I think it's an option for me of "The admin should
> know what he's doing", and interfaces that allow J. Random User to
> point, click, and call himself an admin worry me from a security
> standpoint. Nearly all the problems I see during the course of a given
> day are the result of poor administration. Yes, things should be easy
> to administer. Yes doing it from the command line makes it more
> challenging and you can spend hours looking for a missing semi-colon
> or bracket. But NO there is no substitution for someone who knows what
> the hell they're doing when it comes to security. </rant>
Agreed - if you don't basically understand what you are doing,
webmin won't fix that.
> I'm not really sure a reply is warranted. I'd rather not start a
> flamewar/OT discussion. If you get the urge to reply anyway, we can
> continue offlist.
I just wanted to mention SME server as something of an exception
to the admin needing to know anything. It is sort of an
appliance setup and may or may not do everything you need.
If it does, then the fill-in-the-form approach takes care
of you. If it doesn't, the template-built config files
make it harder than a normal system to customize unless
someone else has already done it.
--
Les Mikesell
lesmikesell@xxxxxxxxx
