Opened 14 years ago
Last modified 7 years ago
#93 new enhancement
Possibility to disable unsecured authentication
Reported by: | Julien ÉLIE | Owned by: | eagle |
---|---|---|---|
Priority: | low | Milestone: | 2.6.x |
Component: | nnrpd | Version: | |
Severity: | minor | Keywords: | compliance |
Cc: |
Description
AUTHINFO USER/PASS exposes the user's password to eavesdropping.
According to RFC 4643: "Any implementation of this command SHOULD be configurable to disable it whenever a strong encryption layer (such as that provided by [NNTP-TLS]) is not active, and this configuration SHOULD be the default. The server will use the 483 response code to indicate that the datastream is insufficiently secure for the command being attempted."
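The following sketch is an added example, not part of the ticket and not INN's nnrpd code. It shows the check the quoted RFC 4643 text asks for: AUTHINFO USER and AUTHINFO PASS are answered with 483 unless a TLS layer is active or the administrator has explicitly opted in. The names `authinfo_gate`, `match_word` and `allow_cleartext` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Match one keyword case-insensitively at p (after leading blanks).
 * Returns a pointer just past the keyword, or NULL if it is not there. */
static const char *match_word(const char *p, const char *word)
{
    size_t i, n = strlen(word);

    while (*p == ' ' || *p == '\t')
        p++;
    for (i = 0; i < n; i++)
        if (toupper((unsigned char) p[i]) != word[i])
            return NULL;
    /* The keyword must end here, so "AUTHINFOUSER" does not match. */
    if (p[n] != '\0' && strchr(" \t\r\n", p[n]) == NULL)
        return NULL;
    return p + n;
}

/* Returns 483 when the line is AUTHINFO USER or AUTHINFO PASS and must be
 * refused; returns 0 when this check does not apply and normal handling
 * continues.  allow_cleartext is a hypothetical opt-in setting, off by
 * default as RFC 4643 recommends. */
int authinfo_gate(const char *line, int tls_active, int allow_cleartext)
{
    const char *p = match_word(line, "AUTHINFO");

    if (p == NULL)
        return 0;
    if (match_word(p, "USER") == NULL && match_word(p, "PASS") == NULL)
        return 0;
    /* Refusing already at USER keeps a conforming client from going on
     * to send PASS with the password in the clear. */
    return (tls_active || allow_cleartext) ? 0 : 483;
}

int main(void)
{
    /* Constructed sample commands, not taken from a real session. */
    const char *lines[] = { "AUTHINFO USER alice\r\n", "authinfo pass s3cret\r\n",
                            "AUTHINFO SASL PLAIN\r\n", "GROUP misc.test\r\n" };
    size_t i;

    for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        printf("tls=0 -> %3d | tls=1 -> %3d | %s", authinfo_gate(lines[i], 0, 0),
               authinfo_gate(lines[i], 1, 0), lines[i]);
    return 0;
}
```

The check covers only AUTHINFO USER/PASS, the subject of this ticket; AUTHINFO SASL is passed through to normal handling.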
Change History (4)
comment:1 Changed 14 years ago by
Keywords: | compliance added |
---|
comment:2 Changed 13 years ago by
Milestone: | → 2.6.0 |
---|
comment:3 Changed 8 years ago by
Milestone: | 2.6.0 → 2.6.1 |
---|
comment:4 Changed 7 years ago by
Milestone: | 2.6.1 → 2.6.x |
---|
Milestone renamed