
BLU Discuss list archive



Frackin script kiddies!!



On Mon, Aug 2, 2010 at 11:55 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On Aug 2, 2010, at 11:06 PM, Jarod Wilson wrote:
>>
>> Well, personally, I think a sane mythweb package puts a config file
>> into apache's config includes directory, not in a .htaccess file. And
>> then you enable authentication and wrap it with ssl. I'm not paranoid
>> enough to worry about requiring a vpn link or ssh tunnels, I've got
>> https access from anywhere.
>
> So does every potential attacker in the world.

Sure.

> Wrapping HTTP in SSL offers no protection to your server. None. Zilch. Nada. It protects the end to end traffic. An attacker still has access to your authentication mechanism and can just as easily launch a brute force or exploit attack against it as he could if the traffic were clear instead of encrypted.

They can launch the same brute force attack and/or go for exploits
against ssh. Or an ipsec vpn. Or anything public-facing. But
seriously, who is going to expend the effort brute-force attacking my
mythtv box to delete some recordings?


-- 
Jarod Wilson
jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org







BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
