
Web Security, Privacy & Commerce, 2nd Edition by Gene Spafford, Simson Garfinkel

Secure Remote Access and Content Updating

Once you have your web server up and running, securely logged and monitored, you will next be faced with a troubling real-world question: how will your users update the web server’s content?

In the early days of the World Wide Web, most content was created live on web servers by programmers and developers using Unix text editors such as emacs and vi. These days most content is created on desktop PCs and Macs and then uploaded to the web server. This upload is fundamentally a file transfer operation. Unfortunately, a holdover of the U.S. government’s two-decade war on cryptography is that the Internet’s most common file transfer protocol, FTP, sends usernames and passwords without first encrypting them. This makes the protocol vulnerable to password sniffing.

The Risk of Password Sniffing

Password sniffing is a significant security risk on the Internet today. Passwords sent without encryption can be intercepted by a network monitor program and conveyed to attackers. Stolen passwords can be used to rewrite web pages and break into other Internet accounts. When the stolen passwords belong to system administrators with additional security privileges, even more serious mayhem can be wrought.
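An added example, not from the book: a short Python audit of an FTP control-channel transcript that reports every USER and PASS command sent before the server accepts an AUTH TLS upgrade (reply 234, defined in RFC 4217), which is exactly the traffic a network monitor could read. The "C:"/"S:" transcript format, the hostname and the credentials are constructed for illustration.

```python
import re

# Constructed sample transcripts (not from the book): "C:" = client, "S:" = server.
PLAIN_SESSION = """\
S: 220 ftp.example.com ready
C: USER webmaster
S: 331 Password required
C: PASS hunter2-constructed
S: 230 Login successful
C: STOR index.html
"""

FTPS_SESSION = """\
S: 220 ftp.example.com ready
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER webmaster
S: 331 Password required
C: PASS hunter2-constructed
S: 230 Login successful
"""

LINE = re.compile(r"^([CS]):\s*(\S+)\s*(.*)$")

def audit_ftp_control(transcript):
    """Return (line, command, value) for credentials sent before TLS was accepted."""
    findings = []
    auth_pending = False   # client sent AUTH TLS and is waiting for the reply
    protected = False      # server answered 234, so later commands are encrypted
    for number, raw in enumerate(transcript.splitlines(), start=1):
        match = LINE.match(raw.strip())
        if not match:
            continue
        side, word, rest = match.groups()
        if side == "C":
            verb = word.upper()
            if verb == "AUTH" and rest.strip().upper() in ("TLS", "SSL"):
                auth_pending = True
            elif verb in ("USER", "PASS") and not protected:
                # Never copy the secret itself into a report.
                shown = rest if verb == "USER" else "<redacted>"
                findings.append((number, verb, shown))
        elif side == "S" and auth_pending:
            protected = word == "234"   # any other reply means the upgrade failed
            auth_pending = False
    return findings
```

A session in which the server refuses AUTH TLS and the client logs in anyway is reported the same way as a plain FTP session, since the credentials still cross the network unencrypted.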

Unfortunately, usernames and passwords sent unencrypted over the Internet remain one of the most common ways of authenticating users on the network today. Plaintext passwords are widely used by many Internet protocols, including remote login (Telnet/rlogin), ...
