On Mon, 10 Feb 1997, Ron Snyder wrote:
> Date: Mon, 10 Feb 1997 12:30:13 -0800
> From: Ron Snyder <snyder @
> To: firewalls @
> when he told me this. Here are my questions:
> admin the server?
Well, I'm not sure that it is _required_ you can always hand edit the
administration server is much more convenient and I've encountered some
quirks with the first method.
> 2) Is there any way that I can have my cake (disable java*) and eat
> it too (let him admin the server)? These are the possibilities I can
> a) tell him to dial in to the web server
> (modem should be dial-out only, so this is a bad idea)
> b) Have him use ISDN to establish his admin sessions to the web
> (What problems does the existence of his desktop ISDN
> connection give me?)
These would allow him to hand edit the configuration files but unless you
are going to run a ppp connection off the web server they still do not
allow him to use the admin server.
One alternative you can use if the web server is a UN*X box (There may be
some equivalent under NT but I'm a Un*x person) is to:
1) Install Netscape Navigator on the web server.
2) Allow ssh sessions from a secure workstation inside your network
running an X-server (Well as secure as you can get with X) to the
3) ssh -f <webserver> <path to netscape binary>
Since ssh will forward the x over the ssh session you will have an
encrypted connection between your web server and your workstation.
4) Configure your administration server to only allow local connections
(The Netscape Navigator session will be running locally).
Anything I'm overlooking?
Stress-n- The condition or confusion that arises when the brain
overrides the body's desire to choke the hell out of some
idiot who really needs it.