7 Nov
1998
7 Nov
'98
4:35 p.m.
On Fri, 06 Nov 1998 19:41:46 EST, Brian Atkins brian@posthuman.com wrote:
Right, of course if you misconfig something you open yourself to mischief. What I want to get at is whether it is safe to have a filer attached to the net-at-large, or whether it needs to be firewalled or otherwise protected. Can you elaborate on the nfs insecurities you mention? [...]
A friend of mine does this, and it seems like a very good design. The toaster has an interface on each side of the firewall. It exports read-only to a web server on the outside, and read-write to a server on the inside. He doesn't run http on the toaster, only NFS. But I don't see any vulnerability in this elegant design.