YDL.net signon screen is not secure... What to do about it?
Jim Parks
yellowdog-general@lists.terrasoftsolutions.com
Fri Mar 28 19:08:01 2003
Yeah, that sounds simple and convenient... a LOT easier than TSS just
buying a certificate.
On Fri, 28 Mar 2003, Atro Tossavainen wrote:
> > So, how about it, YDL.net'ers? Would you be willing to accept a
> > self-signed certificate in order to keep your YDL.net password secure?
> > I know I would.
>
> I'm not a YDL.net'er, but I would much prefer any login screens to be
> secured with SSL even if the cert was self-issued, if the alternative
> is raw HTTP which _will_ expose such information to all and sundry.
>
> If the SSL certificate brouhaha really is an issue, perhaps YDL could
> set up an SSH server with a public "ydl" account and no password where
> the shell only accepted one command: "exit". The SSH daemon would be
> configured to accept port forwards only to the ydl.net site port 80.
> People would then use their ydl.net accounts through "http://localhost:N"
> where N is the port they chose for their end of the SSH tunnel. The
> public key (fingerprint) for this SSH server would be made available
> through the store, as you suggested for the self-signed cert.
>
>
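A check for the forward-only SSH account described in the quoted message, as an added example that is not part of the original thread. It audits an OpenSSH `sshd_config` `Match User ydl` block for settings that would let the public account do more than forward to ydl.net port 80. The directive set, the use of `ForceCommand` in place of an "exit"-only shell, and both sample configurations are assumptions constructed for illustration.

```python
# Added example: audit an sshd_config "Match User" block for a tunnel-only account.
# Assumptions: the directive set in REQUIRED and both sample configs are constructed.
REQUIRED = {
    "allowtcpforwarding": "local",    # no remote (-R) forwards
    "permitopen": "ydl.net:80",       # the only destination a forward may reach
    "permittty": "no",
    "x11forwarding": "no",
    "allowagentforwarding": "no",
}

def match_block(config, user):
    """Return {keyword: value} from the 'Match User <user>' block."""
    settings, active = {}, False
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()                       # keywords are case-insensitive
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        if key == "match":
            active = value.lower() == f"user {user}"
        elif active:
            settings.setdefault(key, value)          # sshd uses the first value set
    return settings

def audit(config, user="ydl"):
    """List the ways the account can do more than forward to ydl.net:80."""
    s = match_block(config, user)
    findings = [f"{k}: want '{v}', found '{s.get(k, '<unset>')}'"
                for k, v in REQUIRED.items() if s.get(k, "").lower() != v]
    if "forcecommand" not in s:
        findings.append("forcecommand: unset, a session gets the account's shell")
    return findings

WEAK = """
Match User ydl
    PermitEmptyPasswords yes
    AllowTcpForwarding yes
"""
HARDENED = """
Match User ydl
    PermitEmptyPasswords yes
    ForceCommand /bin/false
    AllowTcpForwarding local
    PermitOpen ydl.net:80
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
"""
```

`audit(HARDENED)` returns an empty list, while `audit(WEAK)` reports every missing restriction. A client would reach the site with `ssh -N -L N:ydl.net:80 ydl@<ssh-server>` (server name is a placeholder) after checking the published host key fingerprint.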