Re: Portmaster RADIUS Users Digest V96 #187

Gary Bickford (garyb@outlawnet.com)
Tue, 22 Oct 1996 23:06:20 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Masakazu Katsuragi: "undescribed"
Previous message: Stavros Patiniotis: "RADIUS - port restriction"

>> > Good piece of work! Just one question, how can one prevent the leaking of
>> > password data from the client entry?
>>
>> Thanks for the kind words! Hmm... I guess that would be my only
>> security problem. Well that made me think.. how bout make it a SSL
>> page? Hmm.. But when does it begin to secure the connections? I will
>> look into this tommorow.
>>
>> > Thatis some sniffing at the port and looking for unencrypted password
>> > flow to the web server!

You could use Javascript or Java on the client to perform some basic
encryption - this would keep out the teenagers at least. (Does Java
include tools to support PGP or something equivalent?)

The other would be to use the SSL protocol - I believe that is encrypted
for transmission by the browser.

end | Gary Bickford <garyb@fxt.com>
--+-- FXT Corp. / Informat Communications
| 541-923-3060
| fax 541-923-5537

Next message: Masakazu Katsuragi: "undescribed"
Previous message: Stavros Patiniotis: "RADIUS - port restriction"