[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PServer authentication
From: |
Greg A. Woods |
Subject: |
Re: PServer authentication |
Date: |
Fri, 13 Oct 2000 11:46:35 -0400 (EDT) |
[ On Friday, October 13, 2000 at 10:42:17 (-0400), Larry Jones wrote: ]
> Subject: Re: PServer authentication
>
> As long as all the users have shell accounts on the server, a typical
> pserver installation won't allow them to do anything they couldn't do
> from the shell account. pserver is only a security problem when you
> want to allow access to untrusted users.
Maybe not! Pserver is wide open to man-in-the-middle, replay, spoofing,
and sniffing attacks too.
Between 80% and 90% of all security problems are internal (i.e. they lie
within the boundaries of the firewall and thus pserver is wide open to
their shenanigans).
--
Greg A. Woods
+1 416 218-0098 VE3TCP <address@hidden> <robohack!woods>
Planix, Inc. <address@hidden>; Secrets of the Weird <address@hidden>