 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On 3/15/07, gboyce <gboyce at badbelly.com> wrote: > The UID restrictions are honored (or not) by the client system. If your > files are owned by UID 100 which should be mapped to your user, I can read > your files by creating a new user with uid 100 on my system. I didn't recommend to use NFS to keep it secure. I recommended NFS over SMB for speed, since it should be assumed that LAN users are trusted -- given a properly secured exterior (WAN/Wireless). > On SMB file shares access to the files are restricted to an authenticated > user. Yes, you can break the encryption placed on the file transfers, but > that will only work if you have the ability to listen to all network > traffic which is difficult on a switched network. Difficult? # aptitude install dsniff # arpspoof 192.168.1.1 > On a network in which you cannot trust the users and systems this means > that a skilled attacker can potentially read files transfered by SMB while > a less skilled attacker can pull ALL files from your NFS file server. I totally agree. In any event, the topic is moot and we should move on. No one wants to hear grumblings about it I'm sure, and I'm starting to look like a jerk for trying to make my point on security here...where I think my original points were misunderstood by the thread initiator... -- Kristian Hermansen -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
