Re: proposal: config option to prevent password storage

From: Robert Schiele <rschiele_at_uni-mannheim.de>
Date: 2002-09-23 09:04:05 CEST

On Sun, Sep 22, 2002 at 11:11:00PM -0500, Karl Fogel wrote:
> "Barry Scott" <barry.alan.scott@ntlworld.com> writes:
> > I would put this more strongly. You must default to a policy
> > of being secure.
> >
> > I do not trust myself or my users to remember to block this
> > security hole reliably.
>
> With `http basic' authentication, worrying about plaintext passwords
> being stored on the client side has got to be some kind of joke -- the
> things are flying over the net in cleartext too. Therefore I think
> the current default is fine :-).

Note that there exist http daemons with ssl encryption for some
years. Even apache is capable doing that.

Robert

-- 
Robert Schiele			Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker	mailto:rschiele@uni-mannheim.de

application/pgp-signature attachment: stored

Received on Mon Sep 23 09:06:05 2002

This message: [ Message body ]
Next message: Kean Johnston: "Success: SCO OpenServer 5.0.7"
Previous message: David Kimdon: "[PATCH]: fix segfault on user error"
In reply to: Karl Fogel: "Re: proposal: config option to prevent password storage"
Next in thread: Scott Lamb: "Re: proposal: config option to prevent password storage"
Reply: Scott Lamb: "Re: proposal: config option to prevent password storage"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]