Date: Fri, 6 Feb 1998 05:49:58 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: andrew@squiz.co.nz (Andrew McNaughton)
Cc: hackers@FreeBSD.ORG
Subject: Re: WebAdmin
Message-ID: <199802060549.WAA03253@usr06.primenet.com>
In-Reply-To: <v02120d00b0ff5030c15f@[203.96.56.128]> from "Andrew McNaughton" at Feb 6, 98 05:39:05 pm

> There are of course still authentication issues which must be dealt with on
> every request. SSL or similar would be required in order to safeguard
> passwords. Storing the IP associated with requests helps to avoid hijack,
> but is open to spoofing attacks from anyone able to intercept packets
> containing the session ID.

SSL can not be in by default because of ITAR restrictions.

BSD crypto is done outside the US, mostly so that non-American programmers become better at crypto than American programmers so foreign powers can conduct espionage with impunity because we can't break their crypto.

Er, I mean so that we can keep these dangerous munitions from falling into the wrong hands, since an evildoer would never violate US export regulations in the course of engaging in terrorist activity, because terrorists have a social conscience.

Er, because we are stupid.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.