The best security is provided by a $2 pair of scissors.... but what you are doing is called "best practices", and about as secure as you can reasonably expect.
>Hi All,
>
>  I use the allow option in the httpd.conf file to limit access to the
>sql-ledger location to only my network and other networks that I trust. Then
>if I'm at a client site where I don't trust the connection, I use putty to
>get an ssh connection to my server and run the software through lynx. It's
>not pretty but it works. I think that is pretty secure. Let me know if I'm
>wrong.
>
>Greg
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Keith Mastin
>Sent: Sunday, August 11, 2002 1:15 PM
>To: [EMAIL PROTECTED]
>Subject: Re: [SL] SQL Ledger and Security
>
>
>Then you are not using encrypted passwords. My six figure password comes
>back as 10 figures, and they are all wrong, in character/letter/numeral as
>well as case.
>
>>I already thought about the SSL or https solution, but:
>>
>>Just place the mouse on any link on the sidebar menu. You will see your
>>password again! Everyone with access to your computer can see that. It is
>>very easy to hack anyway.
>>
>>Antonio Gallardo
>>
>>
>>On Sunday, 11 August 2002 00:07, John Summerfield wrote:
>>> On Sun, 11 Aug 2002 12:35, Antonio Gallardo Rivera wrote:
>>> > How:
>>> > With a TCP/IP packet sniffer someone can check the responses from the
>>> > Web Server inside your LAN or Internet. When the Web Client is
>>> > receiving the menu sidebar, there are many times the username and
>>> > password in plain text!
>>>
>>> It's worse, of course, when you access your accounts from clients' sites
>>> or through other places not under your control.
>>>
>>> > Resolution:
>>> > First: I am not a security expert to tell exactly how to resolve this
>>> > problem. Maybe using encrypted passwords or some kind of session cookies
>>> > can help us. I saw some encryption libraries in Perl.
>>>
>>> https I guess. In the short term, use the ssh command (or similar) to
>>> connect to a safe box (maybe the server) and process transactions that
>>> way.
>>>
>>> Depending on your setup you might still be able to use a GUI browser such
>>> as Mozilla, or you may need to use lynx or links.
>>
>>
>>-------------------------------------------------------
>>This sf.net email is sponsored by:ThinkGeek
>>Welcome to geek heaven.
>>http://thinkgeek.com/sf
>>-------------------------------------------------------
>>(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users
>>Archive: http://www.mail-archive.com/[email protected]/
>>
>
>--
>Keith Mastin
>BeechTree Information Technology Services Inc.
>137 Laird Drive
>Toronto M4G 3V5
>http://www.beechtree.ca
>(416)696-6070 Fax(416)696-6072
>[EMAIL PROTECTED]

--
Keith Mastin
BeechTree Information Technology Services Inc.
137 Laird Drive
Toronto M4G 3V5
http://www.beechtree.ca
(416)696-6070 Fax(416)696-6072
[EMAIL PROTECTED]
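
An audit check for the exposure discussed in this thread (a password visible in the sidebar menu links), added here as an example and not written by any of the posters or taken from SQL-Ledger. The parameter names and the sample menu HTML are constructed assumptions; feed it a saved copy of your own menu page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Query-parameter names treated as credentials (assumed list; adjust per app).
SENSITIVE = {"password", "passwd", "pwd", "pass"}


class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes from links, frames and forms."""

    URL_ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.urls.append(value)


def find_credential_links(html):
    """Return (path, parameter_name) for each link whose query carries a credential."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parts = urlsplit(url)
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() in SENSITIVE and value:
                # Report only the path so the audit output does not repeat the secret.
                findings.append((parts.path, key))
    return findings


# Constructed sample of a sidebar menu; not SQL-Ledger's real output.
SAMPLE_MENU = """
<a href="ar.pl?action=add&amp;login=demo&amp;password=s3cret&amp;path=bin">Add Invoice</a>
<a href="gl.pl?action=search&amp;login=demo&amp;sessionid=ab12cd">Reports</a>
<a href="help.html">Help</a>
"""

if __name__ == "__main__":
    for path, param in find_credential_links(SAMPLE_MENU):
        print(f"credential parameter '{param}' exposed in link to {path}")
```

Any hit means the secret also lands in browser history, proxy and web server logs, and Referer headers, so HTTPS alone does not remove it; the value has to move out of the URL, for example into a server-side session.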

