Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Localhost connection refused
- To: tlug@example.com
- Subject: Re: Localhost connection refused
- From: Scott <scottro@example.com>
- Date: Sat, 07 Jul 2001 13:07:10 -0400
- Content-Type: text/plain; charset="us-ascii"; format=flowed
- Delivered-To: tlug@example.com
- In-Reply-To: <20010709014040.H1215@example.com>
- List-Help: <mailto:tlug-request@example.comsubject=help>
- List-Post: <mailto:tlug@example.com>
- List-Subscribe: <mailto:tlug-request@example.comsubject=subscribe>
- List-Unsubscribe: <mailto:tlug-request@example.comsubject=unsubscribe>
- Old-Return-Path: <scottro@example.com>
- References: <5.0.2.1.0.20010707120334.00b23be8@example.com><01070813232100.08656@example.com><008001c10778$bb349560$9455fea9@example.com><5.0.2.1.0.20010707120334.00b23be8@example.com>
- Reply-To: tlug@example.com
- Resent-From: tlug@example.com
- Resent-Message-ID: <Pt8DyC.A.IhE.HOJS7@example.com>
- Resent-Sender: tlug-request@example.com
on 01:40 2001/07/09 +0900, Jonathan Q wrote >I have to take serious issue with this. > >Scott (scottro@example.com) wrote: > > > on 15:39 2001/07/08 +0900, Glenn Evanish wrote > > > > > I'm going to modestly recommend mine :) > >Modesty is certainly called for. Telling people >that telnet is not a security problem is a real disservice and >quite inaccurate. Telling people how to enable telnet is also >a disservice. Hrmm--I'd have to argue that--at the beginning I comment that there are security issues with allowing telnet, so that it's being disabled by default is not necessarily a bad thing. At the end of the page I reiterate that there are security issues with allowing it. >You state: > >----- >A quick interjection on ssh here--many people say, telnet is insecure, use >ssh instead. Although ssh encrypts user names and passwords, those who >know a lot about these things tell me that it doesn't offer a great deal >more security than telnet. So, if you have ssh running, don't sit back and >be sure that you're secure. >---- > >Would you like to explain to us all how sending an encrypted sessions is not >worlds more secure than sending a complete clear-text sessions, password >and userid included? > >To state that ssh doesn't offer a great deal more security than telnet >is just plain false. Putting up a page that states that is >irresponsible, at best. Again, I think that the statement is accurate. I am ~not~ an expert on security--I However, the point is this--the page is designed for beginners. I don't want the beginner saying, ah, I have SSH not telnet, therefore I'm totally safe. I could change the line to read, although it offers a great deal more security than telnet, etc. but upon consideration, would rather leave it as it is. The reason for this is stated in the last paragraph. Let the beginner be more worried about security and investigate it further for themselves. Although, after reading your email, I think you are right that I do not sufficiently emphasize the security risks. I have added a warning, (in boldface no less :) ) at the beginning, reading Warning: Allowing telnet can have serious security implications. Please take some time to investigate this before enabling it on your machine. Scott
- Follow-Ups:
- Re: Localhost connection refused
- From: Simon Cozens <simon@example.com>
- Re: Localhost connection refused
- References:
- Re: Localhost connection refused
- From: Scott <scottro@example.com>
- Localhost connection refused
- From: John De Hoog <dehoog@example.com>
- Re: Localhost connection refused
- From: "Glenn Evanish" <glenn@example.com>
- Re: Localhost connection refused
- From: Jonathan Q <jq@example.com>
- Re: Localhost connection refused
- Prev by Date: Re: Localhost connection refused
- Next by Date: PHP/Apache/Mysql
- Prev by thread: Re: Localhost connection refused
- Next by thread: Re: Localhost connection refused
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |