Re: [tlug] SSH'ing to home with only port 80

["Stephen J. Turnbull" <stephen@example.com>]

>>>>> "Shawn" == Shawn  <javajunkie@example.com> writes:

    Shawn> Ok then,

    Shawn> PS With http though they could sniff your password.  I'd
    Shawn> set it up to run https.

    >> As was pointed out earlier, if http/https is being proxied, the
    >> password will be converted to cleartext by the proxy.
 
    Shawn> All's you'd have to do it PGP the password and send it as a
    Shawn> file.  The servlet could upload it, and decrypt it.

Unfortunately, that turns out to be useless---the intruder simply
sends the intercepted PGP file to the servlet.  A sufficiently dumb
intruder might not even notice that it was PGPed, yet succeed!

    Shawn> There are alternatives too.

Sure, but they require implementing the same kind of handshake that
SSH does.


-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.