p.s.
I'm only familiar with a small number of packet sniffers. They can only sniff
packets sent or received by the local network. They cannot sniff packets sent or
received from one remote network to another remote network. Do you have one that
can?
Greg
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Noel Henson
Sent: Sunday, August 11, 2002 4:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [SL] SQL Ledger and Security

That works for machine or network access control. There still exists the problem that HTTP passwords are transferred in plain text. A simple protocol sniffer can extract them. For real security, the connection must be encrypted. That's why I prefer HTTPS.

Gregory Malsack wrote:
Hi All,

I use the allow option in the httpd.conf file to limit access to the sql-ledger location to only my network and other networks that I trust. Then if I'm at a client site where I don't trust the connection, I use putty to get an ssh connection to my server and run the software through lynx. It's not pretty but it works. I think that is pretty secure. Let me know if I'm wrong.

Greg

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Keith Mastin
Sent: Sunday, August 11, 2002 1:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [SL] SQL Ledger and Security

Then you are not using encrypted passwords. My six figure password comes back as 10 figures, and they are all wrong, in character/letter/numeral as well as case.

I already thought about the SSL or https solution, but: Just place the mouse on any link on the sidebar menu. You will see your password again! Everyone with access to your computer can see that. It is very easy to hack anyway.

Antonio Gallardo

On Sunday, 11 August 2002 00:07, John Summerfield wrote:

On Sun, 11 Aug 2002 12:35, Antonio Gallardo Rivera wrote:

How: With a TCP/IP packet sniffer someone can check the responses from the WebServer inside your LAN or Internet. When the Web Client is receiving the menu sidebar, there are many times the username and password in plain text!

It's worse, of course, when you access your accounts from clients' sites or through other places not under your control.

Resolution: First: I am not a security expert to tell exactly how to resolve this problem. Maybe using encrypted password or some kind of session cookies can help us. I saw some encrypt libraries in Perl.

https I guess.
In the short term, use the ssh command (or similar) to connect to a safe box (maybe the server) and process transactions that way.

Depending on your setup you might still be able to use a GUI browser such as Mozilla, or you may need to use lynx or links.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
-------------------------------------------------------
(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users
Archive: http://www.mail-archive.com/[email protected]/

--
Keith Mastin
BeechTree Information Technology Services Inc.
137 Laird Drive
Toronto M4G 3V5
http://www.beechtree.ca
(416)696-6070 Fax(416)696-6072
[EMAIL PROTECTED]
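
An added example, not part of the original thread: a Python check to run over a saved copy of your own application's pages, flagging links that repeat a password in the query string (the sidebar-menu exposure described above) and whether they would travel over plain HTTP. The parameter names, file names, URLs and sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumed credential-like parameter names; adjust to the application under review.
SENSITIVE_PARAMS = {"password", "passwd", "pass", "pwd"}

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes (href, src, action) from a page."""
    URL_ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.urls.append(value)

def find_credential_links(html, page_url):
    """Return (url, param, over_plain_http) for each link carrying a credential."""
    collector = LinkCollector()
    collector.feed(html)
    page_scheme = urlsplit(page_url).scheme
    findings = []
    for url in collector.urls:
        parts = urlsplit(url)
        # Relative links inherit the scheme of the page they sit on.
        scheme = parts.scheme or page_scheme
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() in SENSITIVE_PARAMS and value:
                findings.append((url, key, scheme == "http"))
    return findings

# Constructed sample: a sidebar menu whose links repeat the login in the query string.
SAMPLE_MENU = """
<html><body>
<a href="menu.pl?login=demo&amp;password=s3cret&amp;action=display">Menu</a>
<a href="ar.pl?login=demo&amp;password=s3cret&amp;action=add" target="main">Add</a>
<a href="help.html">Help</a>
<a href="https://example.invalid/report.pl?sessionid=abc123">Report</a>
</body></html>
"""

if __name__ == "__main__":
    for url, param, plain in find_credential_links(SAMPLE_MENU, "http://example.invalid/sql-ledger/menu.pl"):
        print(f"{param!r} exposed in {url} (plain HTTP: {plain})")
```

Serving the page over HTTPS clears the plain-HTTP flag, but the links are still reported: a password in a URL remains visible in the status bar, browser history and server logs.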

