Re: URL coding : ftp passwords in clear!

From: Duane Wessels <[email protected]>
Date: Wed, 09 Jul 97 08:37:56 -0700

jrg@demon.net writes:

>On Wed 9 Jul, 1997, Francis Mouthaud <intfmo@freenet.fr> wrote:
>>I just think that the passwords should never be PRINTED on screen in
>>clear. So teams of netscape and squid should find a solution (together?)
>>to avoid such problems. Think about the newbies...
>
>This 'problem' is nothing new. It would happen with all browsers that
>show the requested URL anywhere on screen, and with all proxies that
>log the request they get. I doubt any newbies even have a password
>they could use for ftp.
>
>Whoever wrote that security issue article didn't really investigate
>matters very far; and what amazes me more is that suddenly everyone
>thinks it's a huge problem. I treat all logs as something to be kept
>secure - I doubt users would be happy if they knew anyone else could
>see what they'd been browsing.

Squid-1.1.12 has fixes for logging passwords, etc, but its got a
nasty bug that causes coredumps. 1.1.13 on the way soon...

Duane W.
Received on Wed Jul 09 1997 - 08:39:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:42 MST