Re: [mv] minivend security concern
****** message to minivend-users from Stefan Hornburg <racke@linuxia.de> ******
Shao Zhang <shao@shaoz.dhs.org> writes:
> ****** message to minivend-users from Shao Zhang <shao@shaoz.dhs.org> ******
>
> Hi,
> If I set TcpHost to *, is this a really big security hole??
>
> The reason I do this is because I need to give a lot of users
> access to upload/download their catalog files via minimate. But
> once they have logged in to port 7786, when they go back to minivend,
> minivend will deny their access. This is what is shown in the
> error.log:
>
> > - - - [11/January/2000:11:11:42 +1100] - - Runtime error:
> > attempt to connect from unauthorized host UNRESOLVED_NAME/203.63.219.44.
>
>
> Now, I cannot put all of their IPs under TcpHost because they are
> changing all the time. Will this be a big security hole??
This is a big security hole as anything sending plaintext passwords
over the net (like telnet, ftp and friends), but ISPs do it that
way usually. IPs are not sure at all, too!!
If you want to get it tight, you have to use https://!
Ciao
Racke
--
LinuXia Systems, eCommerce and more => http://www.linuxia.de/ or 0511-3941290.
Our partners: Cobolt NetServices (http://www.cobolt.ch), CAPCON Systemhouse
(http://www.capcon-systemhouse.com), ecoservice gmbh (http://www.ecoservice.de)
Our focus is on open-source software (MiniVend, Debian GNU/Linux, etc.)