
Re: hacking the system




----- Original Message -----
From: "Mikael Olsson" <mikael.olsson@enternet.se>


> > Do not do this if you are using SQL authentication. Even once you have
> > changed the sa password from the default (null), it is still apparently
> > a security hole.
>
> SQL authentication is plain text. Ripping passwords from it is
> like stealing candy from a kid.
>
> To be able to allow SQL talk across the internet with anything even
> remotely resembling "security", you'll have to encrypt it somehow.
> I guess plain old SSH tunneling is out of the question (wrong OS),
> so IPsec is probably your best bet. PPTP sucks, so it's not an
> option, and L2TP is probably too cumbersome. (Having your interface
> suddenly be present on the remote network is handy in "RAS"
> scenarios, but it isn't much good if the clients are trying to
> connect to multiple locations at the same time while maintaining
> local network security.)

Note: very good SSH solutions exist for Windows now.  http://www.ssh.fi has
commercial versions of SSH2 for Windows that are child's play to set up.
