Security Basics mailing list archives
Re: Transmitting Sensitive Information between Servers
From: Chris Benedict <chrisbdaemon () gmail com>
Date: Mon, 8 Sep 2008 16:21:04 -0500
You should never transmit username and/or password in clear over any kind of network connection because it can be sniffed.
If you have to transmit the data then you should use some kind of encryption like SSL or IPSec.
On Sep 8, 2008, at 11:48 AM, Basha, Arif wrote:
We have a policy to not pass user name/password, etc in clear between servers within our DMZ. Is this being too pedantic? I would be interested to hear how others have this implemented? Thanks. Arif
Current thread:
- Re: DMZ Web Servers, (continued)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- Re: DMZ Web Servers David Glosser (Sep 08)
- RE: DMZ Web Servers Lafosse, Ricardo (Sep 08)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- Transmitting Sensitive Information between Servers Basha, Arif (Sep 08)
- Re: Transmitting Sensitive Information between Servers Ben Preston (Sep 08)
- RE: Transmitting Sensitive Information between Servers Thevendriya, Arvind (Sep 08)
- Re: Transmitting Sensitive Information between Servers Nathaniel Hall (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- Re: Transmitting Sensitive Information between Servers Ansgar Wiechers (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chris Benedict (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- RE: Transmitting Sensitive Information between Servers David Gillett (Sep 11)
- TrueCrypt Basiru Ndow (Sep 10)
- Re: TrueCrypt Marc-André Laverdière (Sep 11)