With the undeniable proliferation of internet cafes/wireless access points in addition to public terminals routinely found in libraries, etc., I cannot help but ruminate on the potential security implications. With PM user information (login and password) being passed to the server in plaintext (unencrypted form), there is essentially nothing to prevent an interloper from utilizing a sniffer and/or keyboard logger so that he/she could gain unauthorized access to an account. Clearly, this could result in an incident that is more than merely annoying:
- Change your home node photo to something which clearly violates the terms of usage.
- Obtain user information (private email address), etc.
- Impersonate someone in the CB and/or send private messages designed to berate another PM user.
- In the event that a monk is a privileged member (pmdev, etc.), the potential ramifications obviously warrant a greater degree of concern.
- Change your password thereby locking you out of your own account. This scenario would dictate you contact an appropriate monk and verify your identity in some fashion. Perhaps an enigmatic/cryptic phrase could be agreed upon in advance.
- Provide the option for all monks to generate a relatively small list of disposable passwords (similar to a one-time pad). The monk in question would retain this list and use each password in sequential order only when logging in from a machine in a public setting. Once he/she logs out, the password that was used is invalidated thereby rendering a sniffer/keyboard logger completely ineffective.
- Create a checkbox under the password field that, if checked, would limit that specific session to CB conversations only.
I'm eager to hear what suggestions or criticisms (yes, even those) you collectively have.
If you've read this far, thanks. <grin>.
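The disposable-password list proposed above, sketched as an added example (not code from the post or from the PerlMonks site): the server keeps only salted hashes of the list in issue order, accepts only the next unused entry, and invalidates it on successful login rather than on logout, so a password captured by a sniffer or keylogger is already dead when the attacker replays it. Names and the hashing choice are assumptions for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _digest(salt: bytes, password: str) -> bytes:
    # Constructed for this example: salted SHA-256 so the server never
    # stores the disposable passwords in the clear.
    return hashlib.sha256(salt + password.encode()).digest()


@dataclass
class OneTimePasswordList:
    """Server-side state for one monk's list of disposable passwords."""
    salt: bytes
    digests: list        # hashed passwords, in the order they must be used
    next_index: int = 0  # position of the next password still valid

    @classmethod
    def issue(cls, count: int = 10):
        """Generate a fresh list. Returns (server_state, plaintext list).

        The plaintext list is shown to the user once; the server keeps
        only the salted digests.
        """
        salt = os.urandom(16)
        plaintext = [os.urandom(8).hex() for _ in range(count)]
        return cls(salt, [_digest(salt, p) for p in plaintext]), plaintext

    def login(self, password: str) -> bool:
        """Accept only the next unused password; replays and out-of-order
        entries are rejected, and a successful use invalidates the entry."""
        if self.next_index >= len(self.digests):
            return False  # list exhausted: the monk must issue a new one
        expected = self.digests[self.next_index]
        if hmac.compare_digest(expected, _digest(self.salt, password)):
            self.next_index += 1  # burn it the moment it is accepted
            return True
        return False
```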