httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: Patch to allow use of password file as auth DB (from USENET)
Date Mon, 08 May 1995 20:05:34 GMT
On Mon, 8 May 1995, Robert S. Thau wrote:
> Hmmm... just as a reality check, support for encrypted rlogin, telnet
> and ftp is hardly universal yet, so many sites are still sending
> passwords 'en claire' through those rather more prominent protocols.
> On the other hand, I suppose I can see the point to keeping out a
> feature which makes the problem worse...

Remember that unline telnet, ftp, or rlogin, which send it only once 
per session, this password is sent with *every* HTTP request.  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/


Mime
View raw message