On Sat, 2002-08-10 at 21:35, Antonio Gallardo Rivera wrote:
> Hi Dieter:
> 
> I saw a little security problem in SQL Ledger:
> 
> Problem:
> Someone can get your account name and password.
> 
> How:
> With a TCP/IP packet sniffer someone can check the responses from the Web 
> Server inside your LAN or on the Internet. When the Web Client is receiving the 
> menu sidebar, the username and password appear many times in plain text!
> 
> Resolution:
> First: I am not a security expert to tell exactly how to resolve this problem. 
> Maybe using an encrypted password or some kind of session cookies can help us. I 
> saw some encryption libraries in Perl.

Run it under an SSL server and require SSL for access.

Wil
-- 
Wil Cooley                                 [EMAIL PROTECTED]
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
QCSNet                                     http://www.qcsn.com
* * * * T1, Frame Relay, DSL, Dial-up, and Web Hosting * * * *
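A check a defender could run over a captured response body to confirm the exposure reported in this thread and to see whether the page was served over SSL (an added example, not part of the thread or of SQL-Ledger's code; the parameter names `login` and `password`, the host, the paths and the sample HTML are assumptions constructed for illustration):

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

# Assumed parameter names; the thread does not say how the credentials are named.
CREDENTIAL_PARAMS = {"login", "password"}


class _LinkCollector(HTMLParser):
    """Collects every URL-bearing attribute (href, src, action) in a page."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value)


def find_exposed_credentials(page_url, body):
    """Return one finding per link in `body` whose query string carries credentials."""
    collector = _LinkCollector()
    collector.feed(body)
    findings = []
    for raw in collector.urls:
        parts = urlsplit(urljoin(page_url, raw))  # resolve relative links
        names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
                        if k.lower() in CREDENTIAL_PARAMS})
        if names:
            findings.append({
                "path": parts.path,
                "params": names,
                # True means a sniffer on the path can read the values.
                "cleartext_transport": parts.scheme != "https",
            })
    return findings


# Constructed sample of a menu page; not captured from a real installation.
SAMPLE_MENU = """
<html><body>
<a href="entry.cgi?login=demo&amp;password=s3cret&amp;action=add">Add</a>
<a href="help.html">Help</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_exposed_credentials("http://ledger.example/app/menu.cgi", SAMPLE_MENU):
        print(finding)
```

Run against a page fetched over `https://`, the same links are still reported but with `cleartext_transport` set to `False`, which is the state the reply above asks for.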
