On Fri, 2009-08-07 at 14:07 -0600, Michael Torrie wrote: > Actually I should add that it can't be a man-in-the-middle attack > because it is not transparent (ie he has to manually browse to the proxy > page). And no one is attacking anyone.
It is transparent. Most people won't understand the implications of using their lds.org login to access his app. "The Surgeon General warns that I can see your password. I might be storing it, I might be using it myself late at night for grins and giggles, I might be making it easy for other to get a copy or your password from me. You'll never know because now that I know your password, I own you!" It is also violating the Churches apparent intention for the data to remain private. A proxy would shuttle raw encrypted bytes. A MITM can see the data, a proxy can't. -- "XML is like violence: if it doesn't solve your problem, you aren't using enough of it." - Chris Maden -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
