Tim has the idea... I don't quite agree with Carlos's assessment of Red Hat's security flaws, but I don't think that matters if /etc/hosts.* files were set up properly and only SSH, port 80, and perhaps anonymous FTP were allowed from "unknown" hosts.

As far as Paos being on a server that could be cracked, granted Carlos knows best of the potential dangers of Paos, but it would seem to me that ANY machine is potentially vulnerable, especially with man-in-the-middle attacks possible. If there is potential for trojan horses being sent via Paos then Paos needs to deal with that (by providing some kind of encryption / tamper proofing on its messages) and not the server or operating system.

I don't think it is reasonable to expect every locus server that might want to participate to ensure that its local network and every network between source and destination be secure and "tamper proof." It's more realistic to put a seatbelt in every car than it is to expect everyone to be a perfect driver.

Quoting Tim (jabbo at mindless.com):
> That reminds me, you should consider putting up a packet filter and only
> allowing connections on ports 80 and <whatever SSH uses; forgetting
> right now>.
>
> Plaintext logins are a Bad Thing... SSH is a good thing. And CVS can
> run inside of SSH (duh, but worth noting).
>
> --
>
> "A goal is a dream with a deadline."
>
> -- Harvey Mackay

--
Dave Beck
dave at arginine.umdnj.edu

Sites of interest (set 1):
Computer Science and Biology
http://locus.umdnj.edu/nigms/
Drexel University, Philadelphia PA
http://www.bio.net/