This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
Deprecation of the MAIL-FROM auth scheme
- Previous message (by thread): Deprecation of the MAIL-FROM auth scheme
- Next message (by thread): Flap Viewer
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Christoph Kuhles / Aquatix RIPE services
ripe at aquatix.de
Mon Mar 25 15:23:55 CET 2002
Dear Andrei & list, talking about a secure database, I wonder why the crypted password is shown when using CRYPT-PW as authentication scheme? While it might take long to get the clear-text password using brute force or dictionary attacks, it is still possible. Why not patch the whois server so it doesn't show the crypted password and hence make hijacking of objects impossible by bruteforcing a maintainer password? Best regards Christoph Kuhles Managing Director Aquatix IT-Services e.K. Monday, March 25, 2002, 1:58:10 PM, you wrote: AR> Please find enclosed the migration plan to a more secure database.
- Previous message (by thread): Deprecation of the MAIL-FROM auth scheme
- Next message (by thread): Flap Viewer
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]