From owner-freebsd-isp Mon Mar 13 21:39:52 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns.tcworks.net (ns.tcworks.net [216.61.218.2]) by hub.freebsd.org (Postfix) with ESMTP id D295337B5D8 for ; Mon, 13 Mar 2000 21:39:49 -0800 (PST) (envelope-from ccook@tcworks.net) Received: from tcworks.net (xcess@stuck.sticky.org [216.61.218.6]) by ns.tcworks.net (8.9.2/8.9.2) with ESMTP id XAA65632; Mon, 13 Mar 2000 23:36:52 -0600 (CST) (envelope-from ccook@tcworks.net) Message-ID: <38CDD173.EEB690BD@tcworks.net> Date: Mon, 13 Mar 2000 23:43:15 -0600 From: Chris Cook X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Leif Neland Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Is passwords send to auth webpages secure? References: <010f01bf8d42$efda91e0$0e00a8c0@neland.dk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Leif Neland wrote: > > > Now I have been asked if the passwords from browser to squid is sent in cleartext, so it can be sniffed? I have tried sniffing passwords like this before as a test, and they always showed up as scrambled (unreadable). I am assuming that my browser (Netscape 4.6/FreeBSD) was using some sort of mild encryption to send the username/login. More info on this would be neat, but you should invest in some switches anyways. Hasto... -- Chris o----< ccook@tcworks.net >----------------------------------------o |Chris Cook - Technician | TCWORKS.NET - http://www.tcworks.net | |The Computer Works | FreeBSD - http://www.freebsd.org | o-----------------------------------------------------------------o To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message