This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
Deprecation of the MAIL-FROM auth scheme
- Previous message (by thread): Deprecation of the MAIL-FROM auth scheme
- Next message (by thread): Minutes from RIPE-41
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Christoph Kuhles / Aquatix RIPE services
ripe at aquatix.de
Mon Apr 1 00:38:28 CEST 2002
Dear Andrei & list, talking about a secure database, I wonder why the crypted password is shown when using CRYPT-PW as authentication scheme? While it might take long to get the clear-text password using brute force or dictionary attacks, it is still possible. Why not patch the whois server so it doesn't show the crypted password and hence make hijacking of objects impossible by bruteforcing a maintainer password? Best regards Christoph Kuhles Managing Director Aquatix IT-Services e.K. Monday, March 25, 2002, 1:58:10 PM, you wrote: AR> Please find enclosed the migration plan to a more secure database.
- Previous message (by thread): Deprecation of the MAIL-FROM auth scheme
- Next message (by thread): Minutes from RIPE-41
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]