RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
- From: "Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
- Date: Wed, 18 Jun 2008 22:11:22 +0100
> There are definitely hashing schemes that add to
> the security of a password in transit.
Your examples use a badly configured SSL implementation to justify
themselves though. Adding additional cryptography (by hashing the
password) as some form of alternative to setting up your server properly
is flawed logic.
Fix the problem, not the symptom (kick the ball, not the player).
Martin...