[CUWiN-Dev] Proposed Nodeconfig Change
Paul A. Kennedy
pakenned at pobox.com
Tue Jun 19 12:58:50 CDT 2007
On Jun 19, 2007, at 1:24 PM, dan blah wrote:
>
>
>>
>> Given a series of recent support inquiries, I am
>> proposing that on public releases we relax the
>> restriction of being able to connect to the web
>> GUI only using ssh port forwarding. I would
>> suggest altering the configuration for the web
>> server to listen on the local wired ethernet
>> interface, in addition to local host. This would
>> provide a level of security comparable to most
>> consumer devices, and allow access in a manner
>> more familiar to most people. I know this raises
>> some security concerns, but our public release
>> builds are by nature insecure anyway (default
>> passwords), so I don't think this would be much of
>> an issue.
>>
>> Thoughts?
>>
>> --Matt
>
> this opens them up a whole lot more. both on our testbed and on
> homers we
> have ap's connected over the wire that would now allow clients to tool
> around with the node.
>
> i don't agree with this. put together the documentation on how
> easy it is
> to change the thttpd.conf to listen to the wire address if people are
> asking.
[sorry about the extra copies--I don't know whether my posting is
going through, yet]
I am in favour of documentation as a change rather than changing the
node configuration.
I think that we would be better served in documenting for people how
to use ssh and tunnel connections. Get people used to having to
encrypt connections and jump through a hoop or two for security.
If you make it so that people can break security when they don't
think about network topology, then there's the potential for A
WIRELESS BACKBONE ROUTER to be compromised.
That is a target worth looking for.
Paul
--
Paul A. Kennedy
pakenned at pobox.com
More information about the CU-Wireless-Dev
mailing list