|
|
|||||||
| Chit Chat Public Talk about any thing you want! This forum is public. |
 |
|
|
Thread Tools | Search this Thread | Display Modes |
|
#1
02-20-2004, 01:04 PM
|
|||||||||||
|
|||||||||||
Security Concerns with MSSQL Manager
Hey Guys,
I was a little concerned today when I logged into the MSSQL manager today for the first time on my website. When I logged on by clicking on the magnifying glass next to MSSQL manager in my control panel, I noticed that my username and password were embedded right into the front of the URL! Thats pretty poor security! On a shared computer this URL is saved in the history, along with my password for any one to see. Also, since the log in didnt seem to work, I modified the url slightly and went to this page: www.arguecity.com/MSSQL/app/connect.aspx You will notice that when you go there, the password box is actually just a plain text box! Im not sure who's responsibility it is to fix this, but wow!  Jason 
|
|
#2
02-20-2004, 01:16 PM
|
||||||||||||
|
||||||||||||
|
Quote:
This is really used widely by many CP's and other software. Now does not even work as it use to because of MS making some changes to IE. H-Sphere should be changing WebShell, aspx EM, and someother stuff will change to login anther way but it may stills how the username and password, there is not many ways to pass this info to anther server with out using something in the URL.
__________________
Brad Pugh http://www.vortechhosting.com ------ Local System/Network Monitor http://nagios.hsphere.cc/ Login:guest Pass:guest XML FEED http://nagios.hsphere.cc/feed.xml ------ My Other Life: 
|
|
#4
02-20-2004, 07:09 PM
|
|||||||||||
|
|||||||||||
|
Might want to post suggestions at psofts forum www.psoft.net we're pretty much stuck with whatever they decide to churn out
|
|
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Linear Mode
