[squeak-dev] SqueakSource question

Chris Cunnington smalltalktelevision at gmail.com
Tue Feb 23 22:29:45 UTC 2010


Andreas said:

Which is something that I'm
absolutely not fond of because it's transmitting your password pretty
much in plain text, obfuscated as base64. Ouch.

<rant>

This won't answer your question, but I'd like to play the Devil's
Advocate and ask how this is a problem?

I hear a lot of people tout SSL and other things and get antsy about
exactly what you're describing, but how do you exploit it? Are there
any crackers here?

I went to a local meeting of the 2600 (from the magazine of the same
name) and I said I was concerned about security and I'd like to know
how to exploit something so I can protect against it. They said,
basically, that if you were trying to exploit somebody on another
network then it was only really possible by blasting endless password
combinations. It seems sitting on a LAN, you can watch the traffic go
in and out. On the Internets plural, it's harder or impossible to do.

I've got Fyodor's "NMAP Network Scanning" on my desk right now. OK,
you can port scan. You can see what ports are open. Then what?
Security seems to me to be a real area of cargo cult programming. Get
SSL, or else.

Maybe you want to ignore this, as it, again, doesn't really do
anything for your question. But just once I wish somebody would
convince me about efforts taken to create security from first
principles and not just because Bruce Schneier raised his eyebrow.

</rant>

Chris