I believe that redurl.com has raised an interesting issue with the people
using OpenSRS.
How many of the people who are installing OpenSRS are doing so with due care
and consideration for the security of their systems? If someone could break
into your system, they could spend all your RCUs, steal your customer
database, make updates to your domains and passwords.
I personally have spent a great amount of time devising a method to ensure
that my OpenSRS.conf is well protected, that the web-server user cannot
access any files except under my environment control. Am I unusual in this?
The OpenSRS source is freely available, and there's no reason why people
will not try break into insecure installations.
Be careful, spend some time securing your systems, it could save you a
fortune in time, money and reputation.
-- Grant
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:22 EDT