[FQuest Announce] SSL Encrypted CNC Access Now Available - Page 2

*Joseph* · 08-15-2005, 12:56 AM

The "Secure FTP" discussion has been split into this topic:
http://www.Aota.net/forums/showthread.php?t=19953

*cjcox* · 08-15-2005, 01:26 AM

Should have read "see" sorry about error. Where I work the usage of clear text passwords on the wire is considered weak security. Obviously security is something that is defined by site specific policies. Our policy doesn't allow clear text passwords on the wire.

I should have made my position clearer. I hope see more clear text identity/password related information encrypted at futurequest someday.

I apologize for the errors in my previous post and for stepping on your toes without good reason.

phppete · 08-15-2005, 04:12 AM

Thank you for this additional feature, much appreciated.

*MTDesigns* · 08-15-2005, 01:03 PM

Quote:

availability of your CNC (control panel) over an SSL encrypted path

Thanks for the extra security, but just wondering...what could happen when logging in the old CNC?

Best always,

Joi

**Terra** · 08-15-2005, 01:24 PM

Quote:

what could happen when logging in the old CNC?

Depends on how much you trust the administrators at your ISP or of any network between your computer and our servers...

Of course the further your packets traverse away from your computer to ours, the more difficult it is to sniff the session since packets can take any route along the way for which the reverse is true especially with asymmetric paths...

Overall, the risk is very low, however the ability is there to do so (scraping username/passwords) if an ISP tech were to feel inclined...

When the internet was created, the focus was on interoperability for most all of the services... Now these services are so entrenched in the fabric of how the internet works, securing them is proving to be extremely difficult because people generally don't like change or disruptions... e.g. the unsecure nature of SMTP services that spammers depend on...

--
Terra
--traded my club for a bow and arrow long ago, however fire is beginning to look like the next big thing--
FutureQuest

*MTDesigns* · 08-15-2005, 03:50 PM

Thanks for explaining Terra

!

*songdog* · 08-15-2005, 05:26 PM

Quote:

Originally Posted by Terra

--traded my club for a bow and arrow long ago, however fire is beginning to look like the next big thing--

Except that a Sabre-toothed MicroSloth has bought up all the kindling and combustible fuel sources, so you can only have fire after paying Bill his monopoly licensing fees...

*songdog* · 08-16-2005, 01:13 AM

I'm using Firefox 1.0.6 on WinXP.

When I use the browser's BACK button, the behavior is different when using SSL to access my CNC. Specifically, the page is reloaded from the server. When using port-forwarded ssh access, the BACK button just goes right back to the previous page from my browser's cache.

*Wassercrats* · 08-16-2005, 01:38 AM

In IE on WinXP, with "Check for newer versions of stored pages" set to "automatically," the back button gives me that latest page. I tested it by going into cgi-bin with my port forwarded CNC, then into www, then FTPing a new file in cgi-bin, and clicking the back button in CNC. The new file was listed.

*kitchin* · 08-16-2005, 08:26 AM

Firefox is working on its (bad) back button behavior. The new back button should be much faster also. The betas of Firefox 1.5 already have it.