Hallo Brane,

I'm actually a K-13 student, and so in my 'strategic' position I'm on
both sides, admin of a Debian box and 3v1l cracker :)

No, well.. I was just kidding, I have really better things to do than
actually cracking Debian boxes in public environments, but anyway, what
do you think about using https for .htaccess authentication? With https
data will be encrypted and it's impossible to find out login and
password because they're not sent over the net in a clear way. Consider
using https.

Good work and protect your boxes!

- Ivo

On Thu, Apr 25, 2002 at 09:09:03PM -0600, Schusselig Brane wrote:
> Tom Dominico wrote:
> >
> > Hello all,
> >
> > I have written some php-based internal systems for our users. Users are
> > required to authenticate to access this system, and their login
> > determines what they are allowed to do within the system. I am
> > concerned that their logging in with cleartext passwords is a security
> > risk. I work in a K-12 school environment, and many of these students
> > are rather devious and resourceful (as I was at that age :) ). My fear
> > is some bright student setting a sniffer up on my network and gleaning
> > passwords from it.
> >
> > I am wondering if any of you have had similar problems. What is a more
> > secure way for people to login? Is SSL an option, and if so, how do I
> > go about using it? Do I have to purchase a certificate? Or is there
> > some other option? Finally, should I be using .htaccess at all, or is
> > there a better way? Thank you in advance for your advice.
>
> Another option would be to run switches instead of normal hub or bus
> topology. Switches tend not to allow other nodes on a network to see
> data that is passing over it. However, it will more than likely prove to
> be a PITA to convince budget makers to allow the expense of the new
> equipment.
>
> Useless input, I know. But, I didn't see anyone else mention this. As a
> side note, if your installation is new enough, switches may already be
> in place, and you don't have much to worry about as far as stuff getting
> sniffed off the network. That is, of course, if the network was designed
> with that in mind.
>
> -Will Wesley, CCNA
> To make tax forms true they should read "Income Owed Us" and "Incommode
> You".
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
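
As an added example (not part of the original thread): a small Python audit for the setup discussed above, flagging .htaccess files that use `AuthType Basic` without mod_ssl's `SSLRequireSSL` at the top level. The sample file contents, the htpasswd path and the function names are constructed for illustration.

```python
# Added example: audit .htaccess text for Basic auth that is not forced onto HTTPS.
# Sample file contents and the htpasswd path are constructed, not from the thread.

CLEARTEXT = """\
# protects the internal PHP system
AuthType Basic
AuthName "Staff login"
AuthUserFile /srv/example/htpasswd
Require valid-user
"""

HTTPS_ONLY = "SSLRequireSSL\n" + CLEARTEXT

# SSLRequireSSL here covers only report.php, not the rest of the directory.
SCOPED = """\
<Files "report.php">
    SSLRequireSSL
</Files>
AuthType Basic
Require valid-user
"""


def directives(text):
    """Yield (line_no, section_depth, name, args) for each directive."""
    depth = 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            depth = max(depth - 1, 0)
        elif line.startswith("<"):
            depth += 1
        else:
            name, *rest = line.split(None, 1)
            yield line_no, depth, name.lower(), rest[0] if rest else ""


def audit_htaccess(text):
    """Return findings for Basic auth not covered by a top-level SSLRequireSSL."""
    parsed = list(directives(text))
    if any(d == 0 and n == "sslrequiressl" for _, d, n, _ in parsed):
        return []
    return [
        (line_no, "AuthType Basic without SSLRequireSSL: credentials are only base64-encoded over plain HTTP")
        for line_no, _, name, args in parsed
        if name == "authtype" and args.strip().lower() == "basic"
    ]
```

Run `audit_htaccess()` over each .htaccess file's contents; an empty list means a top-level `SSLRequireSSL` is present, so requests that do not arrive over HTTPS are denied.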

