[ On Friday, October 13, 2000 at 10:42:17 (-0400), Larry Jones wrote: ]
> Subject: Re: PServer authentication
>
> As long as all the users have shell accounts on the server, a typical
> pserver installation won't allow them to do anything they couldn't do
> from the shell account. pserver is only a security problem when you
> want to allow access to untrusted users.
Maybe not! Pserver is wide open to man-in-the-middle, replay, spoofing,
and sniffing attacks too.
Between 80% and 90% of all security problems are internal (i.e. they lie
within the boundaries of the firewall and thus pserver is wide open to
their shenanigans).
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs