Old 06-19-2006, 08:11 AM   #1
PhillipB
Just a Simple Carpenter
 
Join Date: May 2003
Location: Your mom's house...
Posts: 1,338
Server admins, need your opinion...

So I'm having an argument with a friend of mine and I would like to know your thoughts on the subject. When creating usernames and passwords for a server, I think it's better to use strong usernames with strong passwords. It seems that a bunch of random characters for the username (and obviously the password) would make it harder for a hacker to guess/brute force attack. My friend seems to disagree because he says usernames are stored unencrypted in various locations on a server and are easily discoverable anyway...so there really is no added level of security by using a strong username. What are your thoughts...do you guys use simple or strong usernames and why?
Old 06-19-2006, 08:15 AM   #2
darksoul
Confirmed User
Join Date: Apr 2002
Location: /root/
Posts: 4,997
Your friend is right.
Using strong usernames is security by obscurity and it doesn't work.
Let me ask you something, do you change your "root" user to something else?
__________________
1337 5y54|)m1n: 157717888
BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
Cambooth
Old 06-19-2006, 08:46 AM   #3
zagi
Confirmed User
 
Join Date: Jan 2004
Posts: 1,238
Darksoul does have a great point, if you are using strong usernames then you should include the 'root' user as well, or disable direct root login.

Regardless, I would actually agree with Phillip - strong usernames are another layer of security, and although it might not increase it by much as users are available in plaintext in, say, /etc/passwd - it is still better because by default there is no way for a remote user to view these files. They would have to compromise the server to begin with in order to see these plaintext files. So from a complete remote break-in point, strong usernames are a plus.
__________________
Managed US/NL Hosting [Reality Check Network]
Dell XEON Servers + 1/2/3 TB Packages ICQ: 4-930-562
Old 06-19-2006, 09:05 AM   #4
PhillipB
Just a Simple Carpenter
 
Join Date: May 2003
Location: Your mom's house...
Posts: 1,338
Thanks for your thoughts. You're right, if your server was compromised, it really doesn't matter what you choose for a username. So you have to make it harder to bust in to the server. I mean we still see some brute force attempts from time to time and thus my inclination is to make it twice as hard to guess the user/pass. Or is that not a correct way of thinking?
Old 06-19-2006, 09:22 AM   #5
darksoul
Confirmed User
Join Date: Apr 2002
Location: /root/
Posts: 4,997
Quote:
Originally Posted by APN Philip
Thanks for your thoughts. You're right, if your server was compromised, it really doesn't matter what you choose for a username. So you have to make it harder to bust in to the server. I mean we still see some brute force attempts from time to time and thus my inclination is to make it twice as hard to guess the user/pass. Or is that not a correct way of thinking?
The correct way would be to stop those bruteforce attacks, which you shouldn't allow in the first place.
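The last reply's point about stopping the brute-force attempts themselves, as an added example that is not part of the thread: a sliding-window counter over failed-login log lines that flags a source by its attempt rate, whatever usernames it guesses. It assumes logs in the OpenSSH sshd syslog style; the sample lines are constructed, and `find_bruteforce`, its thresholds and the `year` parameter are hypothetical names chosen here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH sshd syslog style (assumed log source).
SAMPLE_LOG = """\
Jun 19 08:00:00 host sshd[300]: Failed password for root from 192.0.2.55 port 50001 ssh2
Jun 19 08:01:02 host sshd[311]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jun 19 08:01:04 host sshd[312]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jun 19 08:01:07 host sshd[313]: Failed password for invalid user test from 203.0.113.7 port 40126 ssh2
Jun 19 08:01:09 host sshd[314]: Failed password for root from 203.0.113.7 port 40128 ssh2
Jun 19 08:01:12 host sshd[315]: Failed password for invalid user oracle from 203.0.113.7 port 40130 ssh2
Jun 19 08:30:00 host sshd[320]: Failed password for x9Kq2mTz from 198.51.100.20 port 51000 ssh2
Jun 19 09:00:00 host sshd[330]: Failed password for root from 192.0.2.55 port 50002 ssh2
Jun 19 10:00:00 host sshd[340]: Failed password for root from 192.0.2.55 port 50003 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(invalid user )?(\S+) from (\S+) port \d+"
)

def find_bruteforce(log_text, max_failures=5, window=timedelta(minutes=10), year=2006):
    """Return {source_ip: sorted usernames tried} for every source that reaches
    max_failures failed logins inside one sliding window."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    tried = defaultdict(set)      # per-IP usernames attempted
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, ip = m.group(3), m.group(4)
        tried[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(ip)
    return {ip: sorted(tried[ip]) for ip in flagged}

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

The single mistyped login from 198.51.100.20 is never flagged, and the slow source at 192.0.2.55 only shows up once the window is widened, which is the trade-off to tune before feeding the result to a firewall or blocklist.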