Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Keith D. Zimmerman wrote:
> But now a checkout. Finally, the encryption error hits, but methinks it
> is too late... I am more concerned about my domain passwords being um,
> "borrowed" than I am about my code being "borrowed", because we have an
> RDP port hanging open, and I am domain admin... Very bad if people
> "borrow" my password. Fortunately I know enough to test on the LAN
> *before* opening the port on the external interface...

If you want any kind of security, don't use pserver. Delete the pserver_protocol.dll from the server.

> Also, as far as security: If I set the server to "require encryption"
> :spi: still seems to work. There have been reports (in the past) that
> windows authentication was "not good". People deriding M$'s built in
> auth. in internet explorer and IIS because it was dangerous, esp. w/
> domain passwords. Anybody know anything about this????

NTLM doesn't do endpoint authentication, so is wide open to man-in-the-middle attacks. If you're only worried about passive attacks then NTLMv2 is secure enough (don't allow any Win9x clients to connect... NTLMv1 is trivially crackable).

> Also, one more question: what is the cipher strength of the various
> protocols - sserver, sspi - as compared to cygwin ssh?

sserver is about the same as ssh provided you enable strict certificate checking on the client (see the readme.nt for the registry entry). I wouldn't put sspi in the same league (although it's secure enough for most purposes).

Tony