[CUWiN-Dev] Proposed Nodeconfig Change

[Paul A. Kennedy]

On Jun 19, 2007, at 1:24 PM, dan blah wrote:

>
>
>>
>> Given a series of recent support inquiries, I am
>> proposing that on public releases we relax the
>> restriction of being able to connect to the web
>> GUI only using ssh port forwarding.  I would
>> suggest altering the configuration for the web
>> server to listen on the local wired ethernet
>> interface, in addition to local host.  This would
>> provide a level of security comparable to most
>> consumer devices, and allow access in a manner
>> more familiar to most people.  I know this raises
>> some security concerns, but our public release
>> builds are by nature insecure anyway (default
>> passwords), so I don't think this would be much of
>> an issue.
>>
>> Thoughts?
>>
>> --Matt
>

> this opens them up a whole lot more.  both on our testbed and on  
> homers we
> have ap's connected over the wire that would now allow clients to tool
> around with the node.
>
> i don't agree with this.  put together the documentation on how  
> easy it is
> to change the thttpd.conf to listen to the wire address if people are
> asking.

[sorry about the extra copies--I don't know whether my posting is  
going through, yet]

I am in favour of documentation as a change rather than changing the  
node configuration.

I think that we would be better served in documenting for people how  
to use ssh and tunnel connections.  Get people used to having to  
encrypt connections and jump through a hoop or two for security.

If you make it so that people can break security when they don't  
think about network topology, then there's the potential for A  
WIRELESS BACKBONE ROUTER to be compromised.

That is a target worth looking for.

Paul

--
Paul A. Kennedy
pakenned at pobox.com