Re: Question on the safety sharing NFS with untrusted machines.
On Thursday, 2002-07-25 at 14:51:09 -0500, Dast wrote:
> Mike Renfro <renfro@tntech.edu> writes:
> > On Thu, Jul 25, 2002 at 01:07:19PM -0500, Dast wrote:
> > > So my question is, is it safer to host the NFS from the DMZ and
> > > mount remotely on machines in the internal network, or host the NFS
> > > from a machine on the internal network and remotely mount in the
> > > DMZ? Or does it matter?
> > I suppose it depends on what sort of activity you need to do over the
> > NFS mount.
> Thanks for the feedback. That certainly gives me something to chew
> on.
> The mount will be just bulk file storage. I haven't decided if the
> machine in the DMZ needs read/write or just read access, however.
> Everything on that mount should be publicly accessible to all users,
> so in terms of one user getting another's files, that isn't an issue.
If you don't have realtime requirements, you could rsync between
the two machines.
HTH,
Lupe CHristoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| I have challenged the entire ISO-9000 quality assurance team to a |
| Bat-Leth contest on the holodeck. They will not concern us again. |
| http://public.logica.com/~stepneys/joke/klingon.htm |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: