Subject:
|
Re: Some suggestions regarding post authentication
|
Newsgroups:
|
lugnet.admin.suggestions
|
Date:
|
Thu, 4 Apr 2002 23:10:39 GMT
|
Viewed:
|
1457 times
|
| |
|
|
"William R Ward" <bill@wards.net> wrote in message
news:m2bsczs5lj.fsf@komodo.home.wards.net...
> When you log in to LUGNET's web server, the username and password are
> passed in clear text. It's no different than NNTP.
True, but you log in once and then a cookie id is used to track you through
the site (I don't want to start a discussion on the merits of cookies - I
personally love cookies when it comes to passing just a session id, that how
many of my web sites work). With NNTP plain text auth the name and password
are passed on every connection to the news server - so if you NNTP reader
doesn't hold the connection open then the auth details are passed every time
you download a message to read and every time you post a message. The
likelihood of anyone obtaining the details is extremely remote, but I
thought I'd mention it as someone always does (I run a few e-commerce sites
so I know how paranoid some people can be about passwords).
Dan
|
|
Message is in Reply To:
4 Messages in This Thread:
  
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
