Re: domain name

[Jonathan Byrne <j-byrne@example.com>]

shimpei@example.com (shimpei@example.com) wrote:

> days, especially if you're willing to live with an American server (I'm
> getting mine for $13.95 a month), and at least some of them do offer shell
> access. [1]

> [1] This is potentially a security nightmare [2]. The good thing about hosting
> companies, though, is that basic security becomes Somebody Else's Problem.

It is a security nightmare, which why we (like most other ISPs) no
longer offer shell accounts.  I actually would prefer a web
hosting service that did not offer shell accounts.  Why?  Security
isn't someone else's problem.  Shell accounts make it easier for
an attacker to own that machine, and if the machine gets owned,
my site is at risk, too.

> [2] Possibly the worse problem is that every web hosting company I've seen
> requires you to type passwords in the clear to get to the web-based "control 
> panel." Gee, guys, why do you even bother running sshd if you're gonna do that?

They usually also offer telnet, pop3, and ftp.  Those all send
passwords in the clear, too.  A web-based control panel that
doesn't use SSL is no worse than the others (but it's just as bad).

Jonathan Byrne <j-byrne@example.com>               Engineering Division
Exodus Communications K.K.                          http://www.exodus.co.jp/
Tel:  +81 3-5334-1700   Fax: +81 3-5334-1702        Direct: +81 3-5334-1756