Security Basics mailing list archives
RE: Transmitting Sensitive Information between Servers
From: "Thevendriya, Arvind" <athevendriya () sabercorp com>
Date: Mon, 8 Sep 2008 17:22:25 -0400
Arif, How are you passing the credentials? What is the platform of the server? Windows or UNIX? If UNIX you can the credentials using SSH version 2. Regards, Arvind Thevendriya Network Engineer -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ben Preston Sent: Monday, September 08, 2008 12:32 PM To: Basha, Arif Cc: security-basics () securityfocus com Subject: Re: Transmitting Sensitive Information between Servers On Mon, Sep 8, 2008 at 10:48 AM, Basha, Arif <abasha () apa org> wrote:
We have a policy to not pass user name/password, etc in clear between servers within our DMZ. Is this being too pedantic? I would be interested to hear how others have this implemented? Thanks. Arif
I don't think it is too much to ask for. There are secure methods for this, whatever the transport; stunnel, encrypted data piped over netcat, https, sftp/scp... -- Ben
Current thread:
- DMZ Web Servers Lafosse, Ricardo (Sep 05)
- Re: DMZ Web Servers Rob (Sep 08)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- <Possible follow-ups>
- Re: DMZ Web Servers David Glosser (Sep 08)
- RE: DMZ Web Servers Lafosse, Ricardo (Sep 08)
- Re: DMZ Web Servers Adriel Desautels (Sep 08)
- Transmitting Sensitive Information between Servers Basha, Arif (Sep 08)
- Re: Transmitting Sensitive Information between Servers Ben Preston (Sep 08)
- RE: Transmitting Sensitive Information between Servers Thevendriya, Arvind (Sep 08)
- Re: Transmitting Sensitive Information between Servers Nathaniel Hall (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- Re: Transmitting Sensitive Information between Servers Ansgar Wiechers (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chris Benedict (Sep 08)
- Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
- RE: Transmitting Sensitive Information between Servers David Gillett (Sep 11)
- Re: DMZ Web Servers Rob (Sep 08)
- TrueCrypt Basiru Ndow (Sep 10)
- Re: TrueCrypt Marc-André Laverdière (Sep 11)