Plain Text Password

Efried

Active Member
I checked the http traffic via Wireshark- Under Authorisation-Credentials I find the access data for password protected cgi calls to the WC in plain text- is this very bad news?
 
WebControl allows plain text password, also support standard Based64 encrypted password.  What method your PHP program using to send password is your choice.
If the security is a concern, please also use allowed host for which IP address can access WebControl. It will drop connection for any access attempt from IP address not in the list.
 
CAI_Support said:
WebControl allows plain text password, also support standard Based64 encrypted password.  What method your PHP program using to send password is your choice.
If the security is a concern, please also use allowed host for which IP address can access WebControl. It will drop connection for any access attempt from IP address not in the list.
In this case I'm using Internet Browsers- apparently they are chatty about passwords towards the WC...
 
Back
Top