Re: [gomd-devel] Authentication follow-up

gomd-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gomd-devel] Authentication follow-up

From:	Johnny Cache
Subject:	Re: [gomd-devel] Authentication follow-up
Date:	Sun, 28 Sep 2003 11:52:41 -0500 (CDT)

While i certainly think its handy to be able to telnet to gomd and talk to
it I think it woujld be a Good Idea to tell the users that this possibly a
very bad thing todo and urge them away from it.
-jc


On Sun, 28 Sep 2003, Gian Paolo Ghilardi wrote:

> Hi roeles.
>
> Some words about the encryption issue.
>
> Of course, as gomd is growing up, we need to implement a good security
> level.
> Encryption is just one of the thing needed.
>
> As gomd can be contacted also by telnet clients, encryption cannot be used.
> So we've to distinguish amongst the clients.
>
> My idea is to provide a seclevel-by-client mechanism.
> - if gomd is contacted by a client using encryption, gomd will speak with
> encryption => all permissions granted
> - if gomd is contacted by a client _not_ using encryption, gomd will speak
> without encryption => ACL+strict security mode enabled.
>
> This stuff will be implemented after the first beta release.
>
> Obviously, every comment/suggestion/hint is welcome. :)))
>
> Byez.
>
> <rejected>
>
> ----- Original Message -----
> From: <address@hidden>
> To: "gomd developers mailing list" <address@hidden>
> Sent: Sunday, September 28, 2003 2:35 PM
> Subject: [gomd-devel] Authentication follow-up
>
>
> > Hi,
> >
> > I just thought the whole login-stuff over with a friend of me (who is a
> > huge supporter of openBSD and security..)
> >
> > The whole connection between gomd and the client will have to be encrypted
> > in some kind of way.
> > When a client has authenticated and logged in, another host will be able
> to
> > take over the (then unencrypted) connection. To prevent this from
> happening
> > I think we should think of a way to secure the whole connection. My idear
> > is to use SSL, since it is widely used and accepted to be secure. All
> major
> > languages have some kind of SSL support, so implementing it will be most
> > easy and secure.
> >
> > cheers,
> >
> > Roel
> >
> >
> > --
> > _____________________________________________________________________
> > Snel en voordelig ADSL nu voor iedereen bereikbaar.
> > Zon Breedband Budget voor EUR 14,95 per maand.
> > Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband
> >
> >
> >
> > _______________________________________________
> > gomd-devel mailing list
> > address@hidden
> > http://mail.nongnu.org/mailman/listinfo/gomd-devel
>
>
>
> _______________________________________________
> gomd-devel mailing list
> address@hidden
> http://mail.nongnu.org/mailman/listinfo/gomd-devel
>

[Prev in Thread]

Current Thread

[Next in Thread]

[gomd-devel] Authentication follow-up, rbaardman, 2003/09/28
- Re: [gomd-devel] Authentication follow-up, Johnny Cache, 2003/09/28
- Re: [gomd-devel] Authentication follow-up, Gian Paolo Ghilardi, 2003/09/28
  - Re: [gomd-devel] Authentication follow-up, Johnny Cache <=
  - Re: [gomd-devel] Authentication follow-up, rbaardman, 2003/09/28
- Re: [gomd-devel] Authentication follow-up, rbaardman, 2003/09/29

Prev by Date: Re: [gomd-devel] Authentication follow-up
Next by Date: Re: [gomd-devel] Authentication follow-up
Previous by thread: Re: [gomd-devel] Authentication follow-up
Next by thread: Re: [gomd-devel] Authentication follow-up
Index(es):
- Date
- Thread