Re: HTTPS access to Bugzilla?



Luis Villa <louie ximian com> writes:

> And this is information they can't get from simply querying bugzilla
> and/or using other vulnerabilities to get at your password how[1]?

That's not an attack that I'm worried about.

> You're being (IMHO) overly paranoid about something that just isn't that
> important.

I'm being worried about passive eavesdropping, not active attacks.
You may consider it paranoid, but every conference they put the
collection of acquired passwords on the large screen in front of
everybody.

I don't want to broadcast my password to anyone listening on the local
network.  I'm not worried about them going out of their way to break
Bugzilla to get my information; I'm worried about them reading it as
it travels across the local (shared) network.

> > I don't see how setting up https is much administrative overhead.  You
> > only need to set it up once then never touch it again.
> 
> Because setting it up once is > 0, which is about how much time the
> admins have.

As I said, I'm willing to help set it up.

> Luis

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord MIT EDU                        PGP key available



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]