Charlie Brady wrote:
>
> On Mon, 27 Aug 2001, Dan Brown wrote:
>
> > page and the admin page separately, rather than both together. Having
> > just the password page be viewable wouldn't be nearly as vulnerable as
> > the admin page.
>
> They're exactly equivalent.
I'm thinking not, because the most you can brute-force from the
password page is a user password--it won't touch the admin password,
because it says that admin isn't a user account. What am I missing? Is
it that they're both running on httpd-admin rather than on
httpd-e-smith?
--
Dan Brown, KE6MKS, [EMAIL PROTECTED]
"Meddle not in the affairs of dragons, for you are crunchy
and taste good with ketchup."
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org