[3619] in WWW Security List Archive
Re: .htaccess created by CGI script...
daemon@ATHENA.MIT.EDU (Damien Miller)
Sun Nov 24 01:49:35 1996
Date: Sun, 24 Nov 1996 15:33:16 +1100 (EST)
From: Damien Miller <dmiller@vitnet.com.sg>
To: WWW Security Mailing List <www-security@ns2.rutgers.edu>
In-Reply-To: <199611222207.RAA17149@sumac.digex.net>
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 22 Nov 1996, Matt Mosley wrote:
>
> On November 21, sameer@c2.net wrote:
>
> > >
> > > IP spoofing is very easy to do with .htaccess files, especially within an
> > > intranet (people on same subnets). Using passwords would be more
> > > secure than IP addresses (or machine names) but again, people could
> > > sniff the passwords off the wire as they are sent in clear-text.
> >
> > Use SSL and client certs. Secure, powerful, and flexible.
>
> I'd hardly call SSL "secure".
Please explain what vunerabilities exist in SSL.
| Damien Miller -
| Email: dmiller@vitnet.com.sg (PGP and MIME ok)
| WWW: http://www.vitnet.com.sg/dmiller
| PGP public key: send me an email with "send file pgp_key" as the subject
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBMpfP+brHgZ2SMrItAQG/igf6A8O0sRHtIiHASvbrAsSYtFQtEQfwte3v
l2/Zmypw6QFDnzMNTh0gwX0YRIJeWhjQatGfQIxDqEs46A6qJvLkvq/tW4/ASVMV
3gfea+zQAX9txAafiQCFG4IUZA9B+uJ4+l5/1FanGTezaBDYxBe53FTlQLUZ0sJ9
YY4D6fHsAs8jyYla1vTPw0gQqOwD2VHFVDd504YI44Ss3y3Foba3KcoCs82JavTf
uM66fFW8GoqA7WW2C18Az4zRc3OJdnuw/c6g8nJuYlpe26sQzGhfs74Oo34lfVLS
o0dlq9f358dj7Rcukybtsqevop+In6R+LJRyg8c0MLKnkKA78znRzA==
=ivfY
-----END PGP SIGNATURE-----
