jrg@demon.net writes:
>On Wed 9 Jul, 1997, Francis Mouthaud <intfmo@freenet.fr> wrote:
>>I just think that the passwords should never be PRINTED on screen in
>>clear. So teams of netscape and squid should find a solution (together?)
>>to avoid such problems. Think about the newbies...
>
>This 'problem' is nothing new. It would happen with all browsers that
>show the requested URL anywhere on screen, and with all proxies that
>log the request they get. I doubt any newbies even have a password
>they could use for ftp.
>
>Whoever wrote that security issue article didn't really investigate
>matters very far; and what amazes me more is that suddenly everyone
>thinks it's a huge problem. I treat all logs as something to be kept
>secure - I doubt users would be happy if they knew anyone else could
>see what they'd been browsing.
Squid-1.1.12 has fixes for logging passwords, etc, but its got a
nasty bug that causes coredumps. 1.1.13 on the way soon...
Duane W.
Received on Wed Jul 09 1997 - 08:39:48 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:42 MST