Hi All,
I use the allow option in the httpd.conf file to limit access to the
sql-ledger location to only my network and other networks that I trust. Then
if I'm at a client site where I don't trust the connection, I use putty to
get an ssh connection to my server and run the software through lynx. It's
not pretty but it works. I think that is pretty secure. Let me know if I'm
wrong.
Greg
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Keith Mastin
Sent: Sunday, August 11, 2002 1:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [SL] SQL Ledger and Security
Then you are not using encrypted passwords. My six figure password comes
back as 10 figures, and they are all wrong, in character/letter/numeral as
well as case.
>I already thought about the SSL or https solution, but:
>
>Just place the mouse on any link on the sidebar menu. You will see your
>password again! Everyone with access to your computer can see that. It is very
>easy to hack anyway.
>
>Antonio Gallardo
>
>
>On Sunday, August 11, 2002 00:07, John Summerfield wrote:
>> On Sun, 11 Aug 2002 12:35, Antonio Gallardo Rivera wrote:
>> > How:
>> > With a TCP/IP packet sniffer someone can check the responses from the Web
>> > Server inside your LAN or Internet. When the Web Client is receiving the
>> > menu sidebar, there are many times the username and password in plain
>> > text!
>>
>> It's worse, of course, when you access your accounts from clients' sites or
>> through other places not under your control.
>>
>> > Resolution:
>> > First: I am not a security expert to tell exactly how to resolve this
>> > problem. Maybe using encrypted password or some kind of session cookies
>> > can help us. I saw some encrypt libraries in Perl.
>>
>> https I guess. In the short term, use the ssh command (or similar) to
>> connect to a safe box (maybe the server) and process transactions that way.
>>
>> Depending on your setup you might still be able to use a GUI browser such
>> as Mozilla, or you may need to use lynx or links.
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>-------------------------------------------------------
>(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users
>Archive: http://www.mail-archive.com/[email protected]/
>
--
Keith Mastin BeechTree Information Technology Services Inc.
137 Laird Drive Toronto M4G 3V5 http://www.beechtree.ca
(416)696-6070 Fax(416)696-6072 [EMAIL PROTECTED]
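
Added example, not part of the original thread and not SQL-Ledger code: the thread reports the password being visible in the sidebar menu links, and a password carried in a link's query string is also recorded in the web server's access log. This sketch scans Common Log Format lines for such requests and prints them redacted; the parameter names, script names and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as secrets. "password" is an assumption about how
# the application names the field; adjust to match the links you observe.
SECRET_PARAMS = {"password", "passwd", "pwd"}

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    leaked, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS and value:
            leaked.append(name)
            value = "REDACTED"  # never echo the secret into a report
        pairs.append((name, value))
    return parts._replace(query=urlencode(pairs)).geturl(), leaked

def scan(lines):
    """Yield (line_number, method, redacted_target, leaked) for leaking requests."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        redacted, leaked = redact_target(match.group("target"))
        if leaked:
            yield number, match.group("method"), redacted, leaked

# Constructed sample log lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2002:13:15:00 -0400] "GET /sql-ledger/menu.pl?login=demo&password=s3cret&path=bin HTTP/1.0" 200 5120',
    '192.0.2.10 - - [11/Aug/2002:13:15:02 -0400] "GET /sql-ledger/sql-ledger.png HTTP/1.0" 200 812',
    '198.51.100.7 - - [11/Aug/2002:13:16:40 -0400] "POST /sql-ledger/login.pl HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, method, target, leaked in scan(SAMPLE_LOG):
        print(f"line {number}: {method} {target} exposes {', '.join(leaked)}")
```

Any hit means the credential also sits in log files and backups, so those passwords should be changed once the links stop carrying them.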