Re: URL coding : ftp passwords in clear!

From: Leigh Porter <[email protected]>
Date: Wed, 09 Jul 1997 09:28:49 +0100

Francis Mouthaud wrote:

> I hope that squid Squid will be smarter very soon because it is a real
>
> security problem.
>
> Just look at this: http://www.ntshop.net/security/ns4.htm
>

I just read this and do not see what squid has to do with Netscape
storingthe password in it's own logfile!

Yes, storing them in squid is perhaps not the best idea, especially in
plain text
but then again sending a password in URL is kinda like getting credit
card
details using the GET method - i.e. a bit silly really :)

I am sure squid could easily filter out ftp://usr:passwd@host.tld and
not log it.

--
Leigh Porter
Received on Wed Jul 09 1997 - 01:26:23 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:42 MST