[4238] in WWW Security List Archive
Re: adduser web page
daemon@ATHENA.MIT.EDU (Johannes Ullrich)
Sun Feb 2 18:32:57 1997
Date: Sun, 02 Feb 1997 15:53:08 -0500
To: www-security@ns2.rutgers.edu
From: Johannes Ullrich <jullrich@xos.com>
Errors-To: owner-www-security@ns2.rutgers.edu
At 08:59 AM 1/28/97 -0500, you wrote:
>I would check with NETCOM (isp)(http://www.ix.netcom.com/) I'm pretty sure
>they do that... I think that's the www site but if it is not get rid of the
>ix.
>
Yes. Netcom uses a Web page to change your SLIP/PPP account password.
I prefer it over the 'telnet -> shell' method my other ISP uses. Netcom
uses some basic security measures:
- you have to be logged in from a netcom dialin point.
- you have to nter you old password before you get acces to the
password change page.
- it uses a secure page.
I think this is far superior to the telnet version which uses unencryptet
transfer.
Another point: Many users these days have no idea about Unix, telnet and
passwd. They will never change the password if it can not be done easily.
------- jullrich@xos.com -------------- http://www.xos.com/ ------------
Johannes Ullrich | phone: ++1 (518) 442 3394 (direct)
X-Ray Optical Systems, Inc. | 5250 (main)
90 Fuller Rd. | 2632 (voice mail)
Albany, NY 12205 USA | FAX: ++1 (518) 442 5292
