Re: URL coding : ftp passwords in clear!

From: Daniel Schroder <daniel@dont-contact.us>
Date: Wed, 9 Jul 1997 13:07:05 +0200 (SAT)

  I've just read the sight.
  chmod 740 cache and logs ?
  What I've done for now.
  And adding everyone who might need access to
  "nobody".
  A better suggestion would be welcome :)

--Daniel Schroder
  Networld
  http://livewire.new.co.za (F) 419 4212
  mailto:daniel@new.co.za (T) 419 4430

On Wed, 9 Jul 1997, Leigh Porter wrote:

> Francis Mouthaud wrote:
>
> > I hope that squid Squid will be smarter very soon because it is a real
> >
> > security problem.
> >
> > Just look at this: http://www.ntshop.net/security/ns4.htm
> >
>
> I just read this and do not see what squid has to do with Netscape
> storingthe password in it's own logfile!
>
> Yes, storing them in squid is perhaps not the best idea, especially in
> plain text
> but then again sending a password in URL is kinda like getting credit
> card
> details using the GET method - i.e. a bit silly really :)
>
> I am sure squid could easily filter out ftp://usr:passwd@host.tld and
> not log it.
>
> --
> Leigh Porter
>
Received on Wed Jul 09 1997 - 04:07:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:42 MST