[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Apache Configuration



>SSL, ACL,  non-standard socket

The point about remotely configuring a server is to be *removed* from it
and from the network. That rules out the non-standard port protected by a
firewall.

What I have in mind is one-time codepads, a non-standard port that is NOT
blocked by the firewall, perhaps port-hopping and other stuff. It will
certainly be free, but use plug-in security modules which will not be
published (lest you want to open the door...). The security modules work
as stream filters so there should be no problem writing them. I imagine
JavaScript is better than Java for that, and a proxy even better than both
(but requires a trusted host on the 'own' network, close to the browser).

For the interface, SNMP sucks. The typical remote administration problem,
is when the server is (being set) on fire or is already burning ;) That is
precisely when I want shell access in root mode, and no fancy scripts and
other b...sh.t. Telent over SSH or such is best but it may not be
available at that time (and would you leave a root telnet open with a
protocol that is PD ?). Including no fancy forms. I've yet to see a SNMP
client / server that works well when the system is swamped with some form
of attack or hanged in some interminable loop (a la sendmail). 

Peter Lorand Peres
------------------
plp@actcom.co.il 100310.2360 on CIS (please use Internet address for mail)
http://ourworld.compuserve.com/homepages/plp

"The creed of Inland Revenue is simple: 'If we can bring one little smile to one
little face today - then somebody's screwed up somewhere' - David Frost

(Note: The above stands valid in all countries until proven wrong)