Date: Wed, 10 Dec 2003 23:55:55 +0100 From: "Slawek" <sgp@telsatgp.com.pl> To: <security@freebsd.org> Subject: Re: s/key authentication for Apache on FreeBSD? Message-ID: <003401c3bf70$c4b90cd0$0505a8c0@Slawek> References: <6.0.0.22.2.20031210115335.04c2fc50@localhost>
index | next in thread | previous in thread | raw e-mail
Brett Glass wrote: > I'm constructing a Web server which may require restricted areas > of the site to be used from public places where a password might > be sniffed. The damage that could be done by taking snapshots of > the content from one session with a spy program is minimal. What > the owner of the server does NOT want, though, is to allow unauthorized > parties to gain unfettered access by stealing the password via > a key sniffer. Be warned that an attacker would probably be able to issue more commands after user thinks he has logged out (when user used compromised machine). Slawekhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003401c3bf70$c4b90cd0$0505a8c0>