Date: Thu, 05 Apr 2001 06:35:28 -0700 From: Nick Sayer <nsayer@quack.kfu.com> Cc: Assar Westerlund <assar@freebsd.org>, cvs-committers@freebsd.org, cvs-all <cvs-all@freebsd.org> Subject: Re: cvs commit: src/secure/lib/libtelnet Makefile Message-ID: <3ACC74A0.7000304@quack.kfu.com> References: <200104050037.f350b7t89955@freefall.freebsd.org> <3ACC0695.4010603@quack.kfu.com>
next in thread | previous in thread | raw e-mail | index | archive | help
By the way, lest anyone forget, all of this functionality we're talking about isn't even the default for telnet. You actually have to *ask* for it (telnet -a) to do an automatic login. IMHO allowing this to proceed without at least ROT13ing ( :-) ) the authentication data does not meet POLA guidelines. It's even worse than that, though, since plaintext is used *without any warning*, which doesn't even allow the user a chance to be astonished (unless he finds out someone sniffed his credentials). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ACC74A0.7000304>