[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Privacy International seeks entries in "stupid security" contest

To: iesg@ietf.org, iab@ietf.org
Subject: Re: Fwd: Privacy International seeks entries in "stupid security" contest
From: Rob Austein <sra@hactrn.net>
Date: Wed, 12 Mar 2003 15:37:02 -0500
In-reply-to: <5.2.0.9.2.20030312121432.0213aaa0@mira-sjc5-b.cisco.com>
References: <5.2.0.9.2.20030312121432.0213aaa0@mira-sjc5-b.cisco.com>
User-agent: Wanderlust/2.8.1 (Something) Emacs/20.7 Mule/4.0 (HANANOEN)

Must it be be a current security measure, or would pcnfsd qualify?

(For those who never had the misfortune to run into that one: it was
for PC NFS client implementations used by people who thought that
sending the username and password across the network in plaintext in
order to get back a uid/gid pair was "more secure" than letting the PC
user specify the uid/gid pair directly.  Some of FTP Software's
customers felt so strongly about this that they objected to having the
options for bypassing pcnfsd documented in the product manuals.)

References:
- Fwd: Privacy International seeks entries in "stupid security" contest
  - From: Fred Baker <fred@cisco.com>

Prev by Date: Fwd: Privacy International seeks entries in "stupid security" contest
Next by Date: how to deal with liaison statements
Previous by thread: Fwd: Privacy International seeks entries in "stupid security" contest
Next by thread: how to deal with liaison statements
Index(es):
- Date
- Thread