> http://www.heise.de/ct/english/02/01/162/
> http://www.smoothwall.org/gpl/home/articles/team/20020109.ct-response.html

This article makes some really stupid points. Of course the DSL password is stored in plain text - as the computer needs to read it to use the modem it has to be able to access it. Any form of encryption would merely be security through obscurity - you'd have to store the key somewhere on the computer. This should be obvious - especially to anyone who's read The Cathedral and the Bazaar; remember "A security system is only as secure as its secret. Beware of pseudo-secrets."

The issue about shadow passwords is also pretty stupid. Yes, your webserver could possibly be tricked into reading the password files. Since your webserver runs the web interface to port forwarding and other key functions, and can forward ports from dirty to clean, mucking around with the password file seems a little trivial when you already have the power to do whatever you want. I'm not sure how the hacker can access the webserver anyhow - it's only listening on the clean network. As is the web proxy.

I wouldn't attempt to dissuade you if you did believe that this is basically insecure. The question is really how secure do you want your firewall to be? If you want a web interface and the niceness that brings you then you're going to have to pay the price of giving your web server and other such processes the power to essentially be root. It's that simple.

I think smoothwall is a good product, and makes sense to me. Last night I determined that blue yonder's transproxy was not letting through any connections to any web sites. As it's a transproxy I can't get round this. I can however still run all my connections through someone else's proxy. So...fill in a field in the web interface, turn on smoothwall's own transproxy (squid) and voila, I'm routing all my traffic via some other proxy. Yey...web interfaces rock.

Now...I can understand people's problems with some of the developers. They have a bad reputation. It didn't help that last night when I downloaded the smoothwall FAQ I found a thirty page lecture by esr telling me basically not to bother anyone tacked onto the front. I've used the smoothwall irc channel. I wasn't particularly impressed. They were quite brusque, but in fairness they weren't rude to me.

My point is: why should any of this matter? Let's keep the distinction between the product and the developers in place, keep them separate. Smoothwall is open source, and you haven't paid for any support - you shouldn't expect any.

Ooops, another rant. Must have forgotten to take my own frog pills too.

Later.

Mark.

--
s'' Mark Fowler London.pm Bath.pm http://www.twoshortplanks.com/ [EMAIL PROTECTED] ';use Term'Cap;$t=Tgetent Term'Cap{};print$t->Tputs(cl);for$w(split/ +/ ){for(0..30){$|=print$t->Tgoto(cm,$_,$y)." $w";select$k,$k,$k,.03}$y+=2}