Security Basics mailing list archives
Re: Transmitting Sensitive Information between Servers
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Mon, 8 Sep 2008 22:13:40 +0200
On 2008-09-08 Basha, Arif wrote:
We have a policy to not pass user name/password, etc in clear between servers within our DMZ.
Passwords should never be transmitted in the clear. I wouldn't worry too much about usernames, though, as they tend to be predictible anyway.
Is this being too pedantic?
Hardly. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Re: DMZ Web Servers, (continued)
- Re: DMZ Web Servers Rob (Sep 08)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- Re: DMZ Web Servers David Glosser (Sep 08)
- RE: DMZ Web Servers Lafosse, Ricardo (Sep 08)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- Transmitting Sensitive Information between Servers Basha, Arif (Sep 08)
- Re: Transmitting Sensitive Information between Servers Ben Preston (Sep 08)
- RE: Transmitting Sensitive Information between Servers Thevendriya, Arvind (Sep 08)
- Re: Transmitting Sensitive Information between Servers Nathaniel Hall (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- Re: Transmitting Sensitive Information between Servers Ansgar Wiechers (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chris Benedict (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- RE: Transmitting Sensitive Information between Servers David Gillett (Sep 11)
- Re: DMZ Web Servers Rob (Sep 08)
- TrueCrypt Basiru Ndow (Sep 10)
- Re: TrueCrypt Marc-André Laverdière (Sep 11)