Then the bad guys can sign in. One thing they do is place some sort of malware into index.html, which then
affects future entrants to the site.
-Steven Avery
Those are 2 statements, totally not related to each other.
If anybody, bad or good, can log into your site then why/how do they get to change something like index.html? I've never been able to achieve that, neither as an admin nor as a regular user.
Most webservers require a separate (s)ftp connection to the server for up/down-loading of website-related files. Any account allowed to access that does have proper strength, and because of the assumed required 's' prefix can't be man-in-the-middled, if you don't blindly accept a non-standard/weird certificate (that your ftp-client WILL inform you about).
For absolute foolproof secure client/server connections you need a two-sided certificate-signed 'ssl'-connection (tls is the current connection protocol, ofc.), where both the server and the client need a matching certificate before a connection is even established. The hassle of securely exchanging and then installing the certificates, and the time spent on daily maintenance (adding new certs, and removing expired/lost/stolen certs) usually makes the use of this feature very infrequent. But, combined with strong, often changing, passwords this system is water-tight.
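An added illustration, not part of the post above: a minimal Python sketch of the server side of such a two-sided certificate setup, plus the maintenance step of refusing lost/stolen or expired client certs. The function names, the file-path parameters, the revoked-serial set and the sample certificate are assumptions constructed for this example.

```python
import ssl
import time

def make_mtls_server_context(server_cert=None, server_key=None, client_ca=None):
    """Server context that refuses any client without a certificate signed by client_ca."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED          # handshake fails if no client cert is sent
    if server_cert:                              # paths are hypothetical; omitted in the offline demo
        ctx.load_cert_chain(server_cert, server_key)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    return ctx

def client_cert_allowed(peercert, revoked_serials, now=None):
    """Application-level check on the dict returned by SSLSocket.getpeercert().

    The handshake already validates signature and validity period; this adds
    the revocation list (lost/stolen certs) and re-checks the dates so a
    long-lived connection can be re-evaluated later.
    """
    if not peercert:
        return False
    now = time.time() if now is None else now
    serial = peercert.get("serialNumber", "").upper()
    if not serial or serial in revoked_serials:
        return False
    not_before = ssl.cert_time_to_seconds(peercert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peercert["notAfter"])
    return not_before <= now <= not_after

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    mid_2024 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
    print(client_cert_allowed(SAMPLE_CERT, set(), now=mid_2024))
    print(client_cert_allowed(SAMPLE_CERT, {"0A1B2C"}, now=mid_2024))
```

In a real server the context would wrap the listening socket and `client_cert_allowed` would run on `conn.getpeercert()` right after the handshake.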