NNTP-Ext 6.0 Security Considerations

Common NNTP Extensions

Be sure to read the "RKT couplings" below for additional information, comments, and links.

NNTP-Ext:[Previous][Up to Table of Contents] [Next]

NNTP-Ext 6.0 Security Considerations
The use of the AUTHINFO is optional. This command as documented has a number of security implications. In the original and simple forms, all passwords are passed in plaintext and could be discovered by various forms of network or system surveillance. The AUTHINFO GENERIC command has the potential for the same problems if a mechanism is used that also passes cleartext passwords. RFC 1731[8] discusses these issues in greater detail.
[Source:"draft-ietf-nntp-imp-02.txt"] [Last Changed:March 1998] [Copyright: 1998 S. Barber]


    The use of the AUTHINFO is optional. This command as documented
    has a number of security implications. In the original and simple
    forms, all passwords are passed in plaintext and could be
    discovered by various forms of network or system surveillance.
    The AUTHINFO GENERIC command has the potential for the same
    problems if a mechanism is used that also passes cleartext
    passwords. RFC 1731[8] discusses these issues in greater detail.

[Source:"draft-ietf-nntp-imp-02.txt"] [Last Changed:March 1998]
[Copyright: 1998 S. Barber]

NNTP-Ext:[Previous][Up to Table of Contents] [Next]

(Corrections, notes, and links for Usenet RKT.)
by Mib Software, NNTP software and consulting

Overview and Related Topics

Up to: Common NNTP Extensions

RKT Rapid-Links:[Search] [RKT Tips] Path:For Developers / NNTProtocol / NNTP-Ext / 0046.htm