yes, but if someone is sniffing the lines, unless the initial page is a https:// page, the username and password will be transmitted across the internet in plain text. Generally this isn't a problem, but if you are on a cable line, anyone on that subnet could realistically view the username/password, for future playing.
It isn't so much insecure for your system, but insecure from the users standpoint. George >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] >Sent: Tuesday, February 15, 2005 2:08 PM >To: [email protected] >Subject: Re: [U2] UV to Web interface > > >Vance wrote: "Will, In one of your responses you said you >added username and pwd to the form. I hope this form is not >web accessible, and if it is, you should atleast be >serving it ssl. Way to easy to sniff in pure http.... Just my >2 cents..." > >Vance not sure why you think it's insecure. It's not like >they can make up any old username and password. It's still >validated against the Windows system username and password. > The reason I had to add it, is that without it anyone could >run any command they wanted since it would have logged in with >a static username and password every time. > Since the page will be accessible to the outside, I need >some way to prevent anyone from running any command. So now >they have to at least be validated through the Windows password system. >Will ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
