Security Basics: Re: Transmitting Sensitive Information between Servers

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: Transmitting Sensitive Information between Servers

From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Mon, 8 Sep 2008 22:13:40 +0200

On 2008-09-08 Basha, Arif wrote:

We have a policy to not pass user name/password, etc in clear between
servers within our DMZ.


Passwords should never be transmitted in the clear. I wouldn't worry too
much about usernames, though, as they tend to be predictible anyway.

Is this being too pedantic?


Hardly.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

By Date By Thread

Current thread:

Transmitting Sensitive Information between Servers, (continued)
- Re: DMZ Web Servers krymson (Sep 08)