KS-Soft

Advanced Host Monitor forum
https://www.ks-soft.net/phpBB/

RMA password in clear text

https://www.ks-soft.net/phpBB/viewtopic.php?t=3901

Page 1 of 1

RMA password in clear text

Posted: Wed Feb 28, 2007 10:40 am
by RicochetPeter
Hi KS-Soft,

I see that the windows RMA hides its password in two lines of text which are somewhat cryptic, whereas the Linux RMA uses the password in clear text. This looks like a little security hole to me. Is it possible to have it in a similar form as in the Windows RMA?

Re: RMA password in clear text

Posted: Wed Feb 28, 2007 10:51 am
by KS-Soft Europe
RicochetPeter wrote:This looks like a little security hole to me.
I do not think so. All traffic between RMA and HostMonitor or RMA and RMA Manager is encrypted using MD5 + Twofish encryption and the password itself is never transmitted through the network without encryption.

Regards,
Max

Posted: Wed Feb 28, 2007 11:21 am
by RicochetPeter
Having it in the config file (rma.ini) in clear text is what I would like to prevent...

Posted: Wed Feb 28, 2007 4:08 pm
by KS-Soft
Probably we will change that in the future.
On the other hand
1) if somebody has access to your system, he can make a lot of problems without knowing this password
2) You may restrict access to this file

Regards
Alex

Posted: Thu Mar 01, 2007 7:48 am
by RicochetPeter
thx :)
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited