s/key authentication for Apache on FreeBSD?
Slawek
sgp at telsatgp.com.pl
Wed Dec 10 14:54:40 PST 2003
Brett Glass wrote:
> I'm constructing a Web server which may require restricted areas
> of the site to be used from public places where a password might
> be sniffed. The damage that could be done by taking snapshots of
> the content from one session with a spy program is minimal. What
> the owner of the server does NOT want, though, is to allow unauthorized
> parties to gain unfettered access by stealing the password via
> a key sniffer.
Be warned that an attacker would probably be able to issue more
commands after user thinks he has logged out (when user used
compromised machine).
Slawek
More information about the freebsd-security
mailing list