Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Glen Starrett wrote: > Protocols recommendations are near the bottom of this page: > http://march-hare.com/cvspro/security.htm Glen, I have a question about a comment there. It says about sspi: "SSPI is also considered secure provided that Active Directory is set to enable kerberos authentication only (ie NTLM disabled)." I don't use AD; I just run a Win2k Pro server with (so far) only Windows clients, using the SSPI protocol. Considering earlier discussions here on the group I thought this was secure... Given what they say here <http://en.wikipedia.org/wiki/NTLM>, it seems that in my situation, SSPI is using NTLM (authenticating to a server through an IP address, no AD domain) -- which, it seems, is not considered secure. Should I worry? Is there anything I can do (short of using sserver)? Thanks, Gerhard