Re: Deprecation of the MAIL-FROM auth scheme
1 Apr
2002
1 Apr
'02
12:38 a.m.
Dear Andrei & list, talking about a secure database, I wonder why the crypted password is shown when using CRYPT-PW as authentication scheme? While it might take long to get the clear-text password using brute force or dictionary attacks, it is still possible. Why not patch the whois server so it doesn't show the crypted password and hence make hijacking of objects impossible by bruteforcing a maintainer password? Best regards Christoph Kuhles Managing Director Aquatix IT-Services e.K. Monday, March 25, 2002, 1:58:10 PM, you wrote: AR> Please find enclosed the migration plan to a more secure database.
8304
Age (days ago)
8304
Last active (days ago)
0 comments
1 participants
participants (1)
-
Christoph Kuhles / Aquatix RIPE services