
Re: A more secure form of .htaccess?



Gareth Bowker wrote:
>If someone's already logged in, and they visit a webpage on the same domain
>which asks for a username and password for the same realm as the one used to
>log in, the browser will send the username/password pair without asking the
>user for any confirmation.

>At least I assume that's what Dan meant above and I assume that that would
>happen (I haven't tried it myself).

Yep... That's what I meant... The browser will retransmit the username and
password with every request while you're roaming the same realm.. All you'd
have to do is make a page identify itself with the same realm-name and then
log the username and password.


Martin wrote (on the subject of switches):
> you know their algorithm against MAC table overflow?
No, I don't.. I would be very interested in reading about it, if you know of
a link.. I'm sure that it would be possible to enforce some level of
security..
It is correct that you can get switches that, one way or another, will try
to enforce the switching mode and thus, not reentering hub-mode.. Also the
locking mechanism some switches use, that locks the MAC/IP pair to a single
port is quite good, but rather annoying to work with in most office
environments (because of laptops and so forth).. And most
system administrators don't know how these are enabled or simply never knew
they existed. These security measures are therefore often not enabled or
manually disabled for convenience.

And then there is the matter of the price ;)

- Dan
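
The realm behaviour discussed in this message, as an added example that is not part of the original post: a simplified Python model of a browser's Basic auth credential cache, keyed on the protection space (origin plus realm) as defined in RFC 7235. The hostnames, realm names and account are constructed, and the `CredentialCache` class is hypothetical.

```python
import base64
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def encode_basic(user, password):
    """Build the Authorization value a browser sends for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic(header):
    """Recover (user, password); base64 is an encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def origin(url):
    """Scheme, host and port: the part of the URL that scopes the cache."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme])

class CredentialCache:
    """Simplified model: credentials are keyed on (origin, realm), never on path."""
    def __init__(self):
        self._by_space = {}

    def login(self, url, realm, user, password):
        self._by_space[(origin(url), realm)] = encode_basic(user, password)

    def answer_challenge(self, url, realm):
        """Header sent without prompting for a 401 from url, or None (user is prompted)."""
        return self._by_space.get((origin(url), realm))

def demo():
    cache = CredentialCache()
    # Constructed sample values; hostnames, realms and account are hypothetical.
    cache.login("http://www.example.org/admin/", "Staff", "alice", "s3cret")
    return {
        "same_host_other_dir": cache.answer_challenge("http://www.example.org/~bob/page", "Staff"),
        "same_host_other_realm": cache.answer_challenge("http://www.example.org/~bob/page", "Bob"),
        "other_host_same_realm": cache.answer_challenge("http://other.example.org/", "Staff"),
    }

if __name__ == "__main__":
    for case, header in demo().items():
        print(case, "->", "credentials sent" if header else "user prompted")
```

The path never enters the cache key, so separating users by directory on one hostname does not separate their Basic auth realms.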


