Re: PServer authentication

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PServer authentication

From:	Greg A. Woods
Subject:	Re: PServer authentication
Date:	Fri, 13 Oct 2000 11:46:35 -0400 (EDT)

[ On Friday, October 13, 2000 at 10:42:17 (-0400), Larry Jones wrote: ]
> Subject: Re: PServer authentication
>
> As long as all the users have shell accounts on the server, a typical
> pserver installation won't allow them to do anything they couldn't do
> from the shell account.  pserver is only a security problem when you
> want to allow access to untrusted users.

Maybe not!  Pserver is wide open to man-in-the-middle, replay, spoofing,
and sniffing attacks too.

Between 80% and 90% of all security problems are internal (i.e. they lie
within the boundaries of the firewall and thus pserver is wide open to
their shenanigans).

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>      <robohack!woods>
Planix, Inc. <address@hidden>; Secrets of the Weird <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

PServer authentication, Martin Foster, 2000/10/12
- Re: PServer authentication, Mike Castle, 2000/10/12
  - Re: PServer authentication, Martin Foster, 2000/10/12
    - Re: PServer authentication, Larry Jones, 2000/10/13
  - Re: PServer authentication, Larry Jones, 2000/10/13
    - Re: PServer authentication, Martin Vogt, 2000/10/13
    - Re: PServer authentication, Larry Jones, 2000/10/13
    - Re: PServer authentication, Mike Castle, 2000/10/13
    - Re: PServer authentication, Greg A. Woods <=
    - Re: PServer authentication, Derek R. Price, 2000/10/17

Prev by Date: Re: PServer authentication
Next by Date: Re: CVS for System Administration and Configuration Restoral
Previous by thread: Re: PServer authentication
Next by thread: Re: PServer authentication
Index(es):
- Date
- Thread