Subject:
|
Re: Some suggestions regarding post authentication
|
Newsgroups:
|
lugnet.admin.suggestions
|
Date:
|
Thu, 4 Apr 2002 23:10:39 GMT
|
Viewed:
|
1457 times
|
| |
![Post a public reply to this message](/news/icon-reply.gif) | |
"William R Ward" <bill@wards.net> wrote in message
news:m2bsczs5lj.fsf@komodo.home.wards.net...
> When you log in to LUGNET's web server, the username and password are
> passed in clear text. It's no different than NNTP.
True, but you log in once and then a cookie id is used to track you through
the site (I don't want to start a discussion on the merits of cookies - I
personally love cookies when it comes to passing just a session id, that how
many of my web sites work). With NNTP plain text auth the name and password
are passed on every connection to the news server - so if you NNTP reader
doesn't hold the connection open then the auth details are passed every time
you download a message to read and every time you post a message. The
likelihood of anyone obtaining the details is extremely remote, but I
thought I'd mention it as someone always does (I run a few e-commerce sites
so I know how paranoid some people can be about passwords).
Dan
|
|
Message is in Reply To:
4 Messages in This Thread: ![Some suggestions regarding post authentication -William R. Ward (3-Apr-02 to lugnet.admin.suggestions)](/news/x.gif) ![](/news/46.gif) ![Re: Some suggestions regarding post authentication -Daniel Crichton (4-Apr-02 to lugnet.admin.suggestions)](/news/x.gif) ![](/news/46.gif) ![Re: Some suggestions regarding post authentication -William R. Ward (4-Apr-02 to lugnet.admin.suggestions)](/news/x.gif) ![](/news/46.gif) ![You are here](/news/here.gif)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|