Penetration Testing mailing list archives
Re: username and Password sent as clear text strings
From: Orlin Gueorguiev <orlin () baturov com>
Date: Sun, 18 May 2008 18:53:43 +0200
Hi Arvind, На Sunday 18 May 2008 07:59:44 arvind doraiswamy написа:
Hey John, I think this is a very common problem and after reading through everything on this thread there's just 2 things that come to mind: 1) What you said -- Usage of IPSec end to end. Wouldn't that mean that everyone who accesses this application(read internal users) also have to use IPsec? You might want to look at whether the internal switches/backbone is good enough to take that load or at least mention the same to the client.
What load do you mean? The routers/switches see this as data, nothing else. The increase of the data (after beeing encrypted) depends on the algorithm, but as far as I know it is neglectable. Orlin ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: username and Password sent as clear text strings, (continued)
- Re: username and Password sent as clear text strings David Howe (May 23)
- Re: username and Password sent as clear text strings christopher . riley (May 15)
- Re: username and Password sent as clear text strings jfvanmeter (May 15)
- RE: username and Password sent as clear text strings jfvanmeter (May 15)
- RE: username and Password sent as clear text strings dseth (May 15)
- RE: username and Password sent as clear text strings jfvanmeter (May 16)
- Re: username and Password sent as clear text strings jfvanmeter (May 16)
- RE: username and Password sent as clear text strings Shenk, Jerry A (May 17)
- Re: username and Password sent as clear text strings jfvanmeter (May 16)
- Re: username and Password sent as clear text strings arvind doraiswamy (May 18)
- Re: username and Password sent as clear text strings Orlin Gueorguiev (May 18)
- RE: username and Password sent as clear text strings Shenk, Jerry A (May 18)
- RE: username and Password sent as clear text strings Marvin Simkin (May 19)
- Re: username and Password sent as clear text strings jfvanmeter (May 19)
- Re: username and Password sent as clear text strings christopher . riley (May 19)
- Re: username and Password sent as clear text strings jfvanmeter (May 21)
- RE: username and Password sent as clear text strings Shenk, Jerry A (May 22)
- RE: username and Password sent as clear text strings John Babio (May 22)
- RE: username and Password sent as clear text strings Shenk, Jerry A (May 22)
- Re: username and Password sent as clear text strings jfvanmeter (May 21)
- Re: username and Password sent as clear text strings arvind doraiswamy (May 21)
- RE: username and Password sent as clear text strings jfvanmeter (May 22)