ssh is pretty strong encrytion. Passwords are also send through an encrypted connection. Good luck cracking into it with anything less than a bulldozer.
>That works for machine or network access control. There still exists the >problem that HTTP passwords are transferred in plain text. A simple >protocol sniffer can extract them. For real security, the connection >must be encrypted. That's why I prefer HTTPS. > >Gregory Malsack wrote: > >>Hi All, >> >> I use the allow option in the httpd.conf file to limit access to the >>sql-ledger location to only my network and other networks that I trust. Then >>if I'm at a client site where I don't trust the connection, I use putty to >>get an ssh connection to my server and run the software through lynx. It's >>not pretty but it works. I think that is pretty secure. Let me know if I'm >>wrong. >> >>Greg >> >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED]]On Behalf Of Keith Mastin >>Sent: Sunday, August 11, 2002 1:15 PM >>To: [EMAIL PROTECTED] >>Subject: Re: [SL] SQL Ledger and Security >> >> >>Then you are not using encryted passwords. My six figure password comes >>back as 10 figures, and they are all wrong, in character/letter/numeral as >>well as case. >> >> >> >>>I already thinked about the SSL or https solution, but: >>> >>>Just place the mouse on any link on the sidebar menu. You will see your >>>password again! Everyone with access to your computer can see that. Is very >>>easy to hack anyway. >>> >>>Antonio Gallardo >>> >>> >>>El Domingo, 11 de Agosto de 2002 00:07, John Summerfield escribi�: >>> >>> >>>>On Sun, 11 Aug 2002 12:35, Antonio Gallardo Rivera wrote: >>>> >>>> >>>>>How: >>>>>With a TCP/IP packet sniffer someone can check the responses from the >>>>> >>>>> >>Web >> >> >>>>>Server inside your LAN or Internet. When the Web Client is receiving >>>>> >>>>> >>the >> >> >>>>>menu sidebar, there are many time the username and password in plain >>>>>text! >>>>> >>>>> >>>>It's worse, of course, when you access your accounts from clients' sites >>>> >>>> >>or >> >> >>>>through other places not under your control. >>>> >>>> >>>> >>>>>Resolution: >>>>>First: I am not a security expert to tell exactly how to resolve this >>>>>problem. May be using encrypted password or some kind of session cokies >>>>>can help us. I saw some encrypt libraries in Perl. >>>>> >>>>> >>>>https I guess. In the short term, use the ssh command (or similar) to >>>>connect to a safe box (maybe the server) and process transactions that >>>> >>>> >>way. >> >> >>>>Depending on your setup you might still be able to use a GUI browser such >>>>as Mozilla, or you may need to use lynx or links. >>>> >>>> >>>------------------------------------------------------- >>>This sf.net email is sponsored by:ThinkGeek >>>Welcome to geek heaven. >>>http://thinkgeek.com/sf >>>------------------------------------------------------- >>>(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users >>>Archive: http://www.mail-archive.com/[email protected]/ >>> >>> >>> >> >>-- >>Keith Mastin BeechTree Information Technology Services Inc. >>137 Laird Drive Toronto M4G 3V5 http://www.beechtree.ca >> (416)696-6070 Fax(416)696-6072 [EMAIL PROTECTED] >> >> >> >>------------------------------------------------------- >>This sf.net email is sponsored by:ThinkGeek >>Welcome to geek heaven. >>http://thinkgeek.com/sf >>------------------------------------------------------- >>(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users >>Archive: http://www.mail-archive.com/[email protected]/ >> >> >> >>------------------------------------------------------- >>This sf.net email is sponsored by:ThinkGeek >>Welcome to geek heaven. >>http://thinkgeek.com/sf >>------------------------------------------------------- >>(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users >>Archive: http://www.mail-archive.com/[email protected]/ >> >> >> > > -- Keith Mastin BeechTree Information Technology Services Inc. 137 Laird Drive Toronto M4G 3V5 http://www.beechtree.ca (416)696-6070 Fax(416)696-6072 [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------- (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users Archive: http://www.mail-archive.com/[email protected]/
