On Mon, 17 Jul 2000, Ingvar Berg (ERA) wrote:
[my message regarding leaving a password log with only fails and no
 encrypted strings]
> Please don't forget that most failed pw entries are correct except for
> one or two chars => this info can be quite interesting to an intruder
> (external or "insider")

Yep, I understand the dangers here, but this is a case where I weighed the
options and thought that for the convenience factor, it would be worth
it.  My idea is to rotate the file every half-hour, set permissions in a
sane way, and allow the support folk to access it only via a secure and
password-protected web page.  The time savings here in some support
situations is immense when support can actually see what the user is
typing.

So many times people swear the caps-lock isn't on...

Charles

>/Ingvar
> 
> 
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 

