[SLL] sharing superuser account is always bad policy, right?
Phil Mocek
pmocek-sll at mocek.org
Thu Feb 5 10:27:43 PST 2009
On Thu, Feb 05, 2009 at 09:44:39AM -0800, Glenn Stone wrote:
> But, no. Cleartext. On a webserver. In a ticketing system.
> In email. No SLL anywhere.
SLL? You mean SSL? In their defense: access to their control
panel app is available only with SSL.
> Wanting that access to peek at temps (you don't need root to do
> that). (They could've asked for the relevant logfiles, too...)
Although I had already quoted them the log entries that caught my
attention, they wanted to look at /var/log/messages, which is
root:root 0600.
> No, I don't think that's even a competent MSCE over there, much
> less anyone who really knows jack about Linux security. Give'em
> the Trump.
That's generally what I was thinking.
To put things in perspective, this service costs $50/month for a
Celeron 1.8 GHz with 80 GB hard drive, 512 MB RAM, and 250
GB/month bandwidth. We pay an additional $40/mo for backups.
This service is, in essence, intended to replace a co-lo
quarter-rack we rent for $500/mo with three machines that are
mostly unused because our production servers are now located
elsewhere.
--
Phil Mocek