Run SL through SSL. Then they can only sniff the encryption layer, no?

>Hi Dieter:
>
>I saw a little security problem in SQL Ledger:
>
>Problem:
>Someone can get your account name and password.
>
>How:
>With a TCP/IP packet sniffer someone can check the responses from the Web 
>Server inside your LAN or Internet. When the Web Client is receiving the menu 
>sidebar, there are many times the username and password in plain text!
>
>Resolution:
>First: I am not a security expert to tell exactly how to resolve this problem. 
>Maybe using encrypted password or some kind of session cookies can help us. I 
>saw some encrypt libraries in Perl.
>
-- 
Keith Mastin       BeechTree Information Technology Services Inc.
137 Laird Drive    Toronto    M4G 3V5     http://www.beechtree.ca
  (416)696-6070      Fax(416)696-6072      [EMAIL PROTECTED]
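
An added example, not part of the original thread or of SQL-Ledger's code: a check for the leak reported above, flagging credentials embedded in a returned page's links or hidden fields and noting whether the page travelled over plain HTTP. The parameter names, URL and sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names; the thread does not say what the application uses.
SECRET_PARAMS = {"password", "passwd", "pwd"}
URL_ATTRS = ("href", "src", "action")


class CredentialLeakFinder(HTMLParser):
    """Collects places where a secret-looking parameter is embedded in markup."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, parameter name)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Secrets carried in the query string of a link, frame or form target.
        for name in URL_ATTRS:
            query = urlsplit(attrs.get(name) or "").query
            for key, value in parse_qsl(query, keep_blank_values=True):
                if key.lower() in SECRET_PARAMS and value:
                    self.findings.append((tag, name, key))
        # Secrets echoed back to the browser in hidden form fields.
        if tag == "input" and (attrs.get("type") or "").lower() == "hidden":
            key = attrs.get("name") or ""
            if key.lower() in SECRET_PARAMS and attrs.get("value"):
                self.findings.append((tag, "value", key))


def audit_response(page_url, html):
    """Return the findings and whether the transport leaves them sniffable."""
    finder = CredentialLeakFinder()
    finder.feed(html)
    finder.close()
    cleartext = urlsplit(page_url).scheme.lower() != "https"
    return {"findings": finder.findings, "cleartext_transport": cleartext}


# Constructed sample of a menu page; not captured from a real installation.
SAMPLE_MENU = """
<html><body>
<a href="menu.cgi?user=demo&amp;password=s3cret&amp;action=display">Expand</a>
<a href="help.html">Help</a>
<form action="app.cgi"><input type="hidden" name="password" value="s3cret"></form>
</body></html>
"""

if __name__ == "__main__":
    print(audit_response("http://ledger.example/menu.cgi", SAMPLE_MENU))
```

A finding still matters when `cleartext_transport` is false: SSL hides the value from a sniffer on the wire, but a password placed in a link remains visible in browser history and server access logs.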


