macforge.org via https?
William Siegrist
wsiegrist at apple.com
Mon Dec 31 16:52:41 PST 2007
We (at Mac OS Forge) are working on an improved infrastructure that
will remove the need for digest auth, use SSL, etc. I dont have an ETA
for you, but rest assured we know we have plenty of improvements to
make site-wide.
Thanks.
-Bill
On Dec 31, 2007, at 3:26 PM, Landon Fuller wrote:
>
> On Dec 25, 2007, at 8:44 AM, Juan Manuel Palacios wrote:
>
>>
>> On Dec 25, 2007, at 8:51 AM, js wrote:
>>
>>> Forwarding to macports developers.
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: js <ebgssth at gmail.com>
>>> Date: Dec 25, 2007 12:19 AM
>>> Subject: macforge.org via https?
>>> To: MacPorts Users <macports-users at lists.macosforge.org>
>>>
>>>
>>> Hi list,
>>>
>>> A simple question.
>>>
>>> is there any reason http://www.macosforge.org/wp-login.php is not
>>> HTTPS?
>>
>>
>> Because we use http digest for authentication, not SSL.
>
> But HTTP digest doesn't solve any of the problems that SSL solves:
> - It is still vulnerable to a MITM attack. Your password is hashed,
> but the hash is password-equivalent -- an attacker can simply
> forward it on.
> - Digest authentication is indistinguishable from Basic
> authentication -- your browser will display the same dialog
> regardless of the authentication type.
>
> At best, it will prevent a passive attacker from acquiring your
> password. Anyone engaging in an active MITM attack will have no
> difficultly acquiring your password.
>
> -landonf
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo/macports-dev
----
William Siegrist
Software Support Engineer
Mac OS Forge
http://macosforge.org/
wsiegrist at apple.com
408 862 7337
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2421 bytes
Desc: not available
Url : http://lists.macosforge.org/pipermail/macports-dev/attachments/20071231/35a4e323/smime.bin
More information about the macports-dev
mailing list