> So, if you have an authentication service exposed to the ipv4
> internet (or to the ipv6 internet with a findable address), and
> your authid or a known or guessable userid has a weak enough
> password to succumb to a dictionary search, it's probably right
> to say that a random attacker could make a cpu connection or
> mount your file service with an afternoon's work on consumer
> hardware.

not only will they be able to make the connection, but they will be
authenticated as a user that is probably more permissive than the
'none' user.
for all the newbies reading this thread, this is the second reminder
to read the auth paper. it is truly excellent ;)

------------------------------------------
9fans: 9fans
Permalink: 
https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-Md3a8fecbefcca9c49ceeb87e