Henry den Hengst's picture

Why is it that ports are chosen for certain functionality like webshell, webmin, and phpmysql as 12320, 12321 and 12322. Wouldn't it be easier just to use /webshell , /webmin , and /phpmyadmin instead, where these admin functionalities are forced to use ssl?

Like https://localhost/webshell

Really interested what your thoughts are on this...

Jeremy Davis's picture

My suspicion is that in regards to both Webshell and Webmin it is partially pragmatics and partially security minded. I suspect that phpMyAdmin is configured that way to be consistent with the other 2.

  • Pragmatics - Webshell and Webmin have their own built-in web servers:
    • Addition of unrequired complexity and bloat: If they were both to be hosted on the same port (e.g. 443) then an additional proxying webserver would be required, even on appliances such as Core that have no need for one...
    • Increased code inconsistency: Above mentioned proxying config would not be consistent across all appliances (config would depend on the particular webserver being used)
    • Introduction of single point of failure: If the 'main' webserver (that is also proxying Webshell and Webmin) is misconfigured (inadvertantly) then Webmin and Webshell would become unavailable.
  • Security
    • Using individual ports makes it really easy to secure those services; simply by blocking the relevant ports. This has no possible negative effect on the other functions of the server.

Add new comment