[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PServer authentication

From: Greg A. Woods
Subject: Re: PServer authentication
Date: Fri, 13 Oct 2000 11:46:35 -0400 (EDT)

[ On Friday, October 13, 2000 at 10:42:17 (-0400), Larry Jones wrote: ]
> Subject: Re: PServer authentication
> As long as all the users have shell accounts on the server, a typical
> pserver installation won't allow them to do anything they couldn't do
> from the shell account.  pserver is only a security problem when you
> want to allow access to untrusted users.

Maybe not!  Pserver is wide open to man-in-the-middle, replay, spoofing,
and sniffing attacks too.

Between 80% and 90% of all security problems are internal (i.e. they lie
within the boundaries of the firewall and thus pserver is wide open to
their shenanigans).

                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>      <robohack!woods>
Planix, Inc. <address@hidden>; Secrets of the Weird <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]