Re: s/key authentication for Apache on FreeBSD?

From: Slawek (sgp_at_telsatgp.com.pl)
Date: 12/10/03

Next message: Brett Glass: "Re: s/key authentication for Apache on FreeBSD?"

Previous message: Jason Stone: "Re: s/key authentication for Apache on FreeBSD?"
In reply to: Brett Glass: "s/key authentication for Apache on FreeBSD?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <security@freebsd.org>
Date: Wed, 10 Dec 2003 23:55:55 +0100

Brett Glass wrote:

> I'm constructing a Web server which may require restricted areas
> of the site to be used from public places where a password might
> be sniffed. The damage that could be done by taking snapshots of
> the content from one session with a spy program is minimal. What
> the owner of the server does NOT want, though, is to allow unauthorized
> parties to gain unfettered access by stealing the password via
> a key sniffer.

Be warned that an attacker would probably be able to issue more
commands after user thinks he has logged out (when user used
compromised machine).

Slawek

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Brett Glass: "Re: s/key authentication for Apache on FreeBSD?"

Previous message: Jason Stone: "Re: s/key authentication for Apache on FreeBSD?"
In reply to: Brett Glass: "s/key authentication for Apache on FreeBSD?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]