Subject:
|
Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Sat, 22 Apr 2000 16:22:41 GMT
|
Viewed:
|
2894 times
|
| |
|
|
In lugnet.admin.general, Todd Lehman writes:
> In lugnet.admin.general, Richard Franks writes:
> > Even if you have great passwords - can't just anyone in the intervening
> > networks between the user and LUGNET just snoop in and copy down the
> > unencrypted password?
> As long as it's using http and not https, yes. Once it's in a cookie, it's
> no longer plaintext, so it's less susceptible to snooping although still
> susceptible to playback attacks.
Aren't the contents of a cookie simply Base64-encoded? I mean, it's a
wel-known and reversable format.
Cheers,
- jsproat
|
|
Message has 2 Replies:
Message is in Reply To:
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
