[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?

From: "Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
Date: Thu, 19 Jun 2008 07:04:01 +0100

> It's mildly troubling to hear 
> the contrary so forcefully defended.

LOL; all your examples have used a broken SSL implementation to justify
layering on hashing.  

Martin...

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

References:
- RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
  - From: Alex Stamos
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
  - From: Oliver Lavery

Prev by Date: Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
Next by Date: RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
Previous by thread: Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
Next by thread: RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site