Subject:
|
Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Sat, 22 Apr 2000 04:49:53 GMT
|
Viewed:
|
2614 times
|
| |
|
|
In lugnet.admin.general, Richard Franks writes:
> In lugnet.admin.general, Todd Lehman writes:
> > having a password validator that doesn't suck is IMHO a fundamental
> > prerequisite to allowing passwords to be changed. Anything less is
> > irresponsible.
>
> Even if you have great passwords - can't just anyone in the intervening
> networks between the user and LUGNET just snoop in and copy down the
> unencrypted password?
As long as it's using http and not https, yes. Once it's in a cookie, it's
no longer plaintext, so it's less susceptible to snooping although still
susceptible to playback attacks.
--Todd
|
|
Message has 1 Reply:
Message is in Reply To:
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
