Penetration Testing mailing list archives

Re: username and Password sent as clear text strings


From: Orlin Gueorguiev <orlin () baturov com>
Date: Sun, 18 May 2008 18:53:43 +0200

Hi Arvind,

On Sunday 18 May 2008 07:59:44 arvind doraiswamy wrote:
> Hey John,
> I think this is a very common problem and after reading through
> everything on this thread there's just 2 things that come to mind:
>
> 1) What you said -- Usage of IPSec end to end. Wouldn't that mean that
> everyone who accesses this application (read internal users) also have
> to use IPsec? You might want to look at whether the internal
> switches/backbone is good enough to take that load or at least mention
> the same to the client.

What load do you mean? The routers/switches see this as data, nothing else.
The increase of the data (after being encrypted) depends on the algorithm,
but as far as I know it is negligible.

Orlin
