From owner-cvs-all Thu Apr 5 6:35:35 2001 Delivered-To: cvs-all@freebsd.org Received: from quack.kfu.com (quack.kfu.com [205.178.90.194]) by hub.freebsd.org (Postfix) with ESMTP id 5BA0637B507; Thu, 5 Apr 2001 06:35:29 -0700 (PDT) (envelope-from nsayer@quack.kfu.com) Received: from morpheus.kfu.com (morpheus.kfu.com [205.178.90.226]) by quack.kfu.com (8.11.1/8.11.1) with ESMTP id f35DZTh81792; Thu, 5 Apr 2001 06:35:29 -0700 (PDT) (envelope-from nsayer@quack.kfu.com) Received: from quack.kfu.com (localhost [127.0.0.1]) by morpheus.kfu.com (8.11.3/8.11.3) with ESMTP id f35DZSv36901; Thu, 5 Apr 2001 06:35:29 -0700 (PDT) (envelope-from nsayer@quack.kfu.com) Message-ID: <3ACC74A0.7000304@quack.kfu.com> Date: Thu, 05 Apr 2001 06:35:28 -0700 From: Nick Sayer User-Agent: Mozilla/5.0 (X11; U; FreeBSD 4.3-RC i386; en-US; 0.8) Gecko/20010313 X-Accept-Language: en-GB, en-US, en MIME-Version: 1.0 Cc: Assar Westerlund , cvs-committers@freebsd.org, cvs-all Subject: Re: cvs commit: src/secure/lib/libtelnet Makefile References: <200104050037.f350b7t89955@freefall.freebsd.org> <3ACC0695.4010603@quack.kfu.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG By the way, lest anyone forget, all of this functionality we're talking about isn't even the default for telnet. You actually have to *ask* for it (telnet -a) to do an automatic login. IMHO allowing this to proceed without at least ROT13ing ( :-) ) the authentication data does not meet POLA guidelines. It's even worse than that, though, since plaintext is used *without any warning*, which doesn't even allow the user a chance to be astonished (unless he finds out someone sniffed his credentials). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message