in reply to Re^4: CGI MySQL insert/update special characters
in thread CGI MySQL insert/update special characters
The problem with digest authentication is that it requires the server to store a plaintext password or password-equivalent and that leads to the server being a very attractive target for stealing the password list. (Windows networking has gone through several variants of this that all fall to "pass the hash" attacks. Then Microsoft started using Kerberos in Active Directory and screwed that up too, leading to the "golden ticket" and "silver ticket" attacks.)
I consider the house embedded device LAN an isolated network, since it does not cross with Internet-connected segments except at dual-NIC hosts (all of which are considered "secure" and none of which are configured to bridge LANs or route traffic) that are on both networks, nor are there any wireless APs on it, nor does it leave the building. Embedded devices often have really bad security anyway; I have worked with one embedded network stack that (unless I missed something in the code) used a 32-bit entropy variable for everything — including SSL session keys.
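The "password-equivalent" point above, as an added example that is not part of the original post: with RFC 2617 digest authentication (MD5, qop=auth) the server's stored HA1 value is all that is needed to compute a response the server accepts, whereas a salted PBKDF2 record is not accepted in place of the password. The user, realm, password, nonce values and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user, realm, password):
    # What an htdigest-style file stores per user (RFC 2617, MD5 algorithm).
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # The password enters the computation only through HA1.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify_digest(stored_ha1, response, **challenge):
    expected = digest_response(stored_ha1, **challenge)
    return hmac.compare_digest(expected, response)

def pbkdf2_record(password, rounds=100_000):
    # Salted, slow verifier for a login where the server receives the password.
    salt = os.urandom(16)
    return salt, rounds, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def server_verify_password(record, submitted):
    salt, rounds, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, rounds)
    return hmac.compare_digest(candidate, stored)

# Constructed sample values (assumptions, not from the post).
USER, REALM, PASSWORD = "alice", "example-realm", "correct horse"
CHALLENGE = dict(method="GET", uri="/private/", nonce="abc123nonce",
                 nc="00000001", cnonce="0a4f113b")

def compare_stored_values():
    stored_ha1 = ha1(USER, REALM, PASSWORD)
    # Response built from the stored file entry alone; PASSWORD is not used.
    response = digest_response(stored_ha1, **CHALLENGE)
    record = pbkdf2_record(PASSWORD)
    return {
        "digest_accepts_stored_value": server_verify_digest(stored_ha1, response, **CHALLENGE),
        "pbkdf2_accepts_password": server_verify_password(record, PASSWORD),
        "pbkdf2_accepts_stored_value": server_verify_password(record, record[2].hex()),
    }

if __name__ == "__main__":
    for name, result in compare_stored_values().items():
        print(f"{name}: {result}")
```

The difference is why a digest password file needs the same protection as a plaintext password list, while a salted slow hash limits what a stolen file is worth.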