6 Jun
2001
6 Jun
'01
2:02 p.m.
snip
Of course it would not help against a prying administrator. It's plain simple to sniff the passwords from HTTP traffic.
Regards, Frank
And that's why you shouldn't allow access to the management interface via HTTP. (I just wonder why there is a *separate* ZServer with SSL capabilities and why SSL isn't simply integrated into the standard ZServer. Does anybody know?) I simple 'Deny from all' all accesses to any url containing 'manage' on port 80 so that noone accidentally sends a password in cleartext. Ragnar