[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Of course, a mentioned http is cleartext, and that's what https was invented to protect -- it's just a encrypted socket connection between your browser and the webserver, though the http that travels inside that tunnel is still in the clear, unless you're privy to the stream encryption, it all looks like garbarge to an eavesdropper. k ------------------------------------------------------------------------------ "Success covers a multitude of blunders." -- George Bernard Shaw mortis@voicenet.com http://www.voicenet.com/~mortis ------------------------------------------------------------------------------ On 1999年8月31日, Michael W. Ryan wrote: > On 1999年8月31日, Nick R wrote: > > > Umm, aren't the passwords encrypted? > > Nope. Only if the protocol supports encrypted passwords, and POP isn't > one of them. POP is clear text. So is HTTP. If you capture packets, > you can reconstruct a persons session VERBATIM, headers, content, > everything. > > Michael W. Ryan, MCP, MCT | OTAKON 1999 > mryan@netaxs.com | Convention of Otaku Generation > http://www.netaxs.com/~mryan/ | http://www.otakon.com/ > > PGP fingerprint: 7B E5 75 7F 24 EE 19 35 A5 DF C3 45 27 B5 DB DF > PGP public key available by fingering mryan@unix.netaxs.com (use -l opt) > > > _______________________________________________ > Plug maillist - Plug@lists.nothinbut.net > http://lists.nothinbut.net/mail/listinfo/plug > _______________________________________________ Plug maillist - Plug@lists.nothinbut.net http://lists.nothinbut.net/mail/listinfo/plug