Subject: Re: [suse-security] Passwords
From: cogNiTioN (cognitionbigfoot.com)
Date: Mon Jan 31 2000 - 04:30:11 CST


On Mon, 31 Jan 2000, Thorsten Kukuk wrote:

> Yes, they support PAM, but this is not enough. The protocols
> you are using must also allow longer passwords. And this is
> very often not the case; a great many of the protocols and of
> the packages have a hardcoded length for the password buffer.

I'm not a coding expert, but I thought it was recommended practice to
'hardcode' the length of buffers, in order to limit buffer overflows. Esp.
on ones like password fields, where authentication generally is NOT
required before entering data into the buffer.

Or have I completely missed the boat on buffer overflows?
 
cog
-- COGNITE.NET coming back online Feb 1st.
|--[cognitionbigfoot.com]----[http://www.cognite.net/]--[PGP KeyID:]--|
|--[The Mind is everything. What you think you become.]--[0x45FAC283]--|
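
The trade-off raised in this exchange, as an added example that is not part of the original message or of any package named in the thread: a fixed-size password buffer is only overflow-safe when the copy into it is bounded, and a bounded copy that silently truncates makes long passwords collide. The 8-character limit and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PW_BUF_LEN 9 /* assumed limit: 8 characters plus the terminating NUL */

/* Bounded copy that silently truncates. It cannot write past dst, but every
   password sharing the same first 8 characters is stored identically. */
static void pw_copy_truncate(char dst[PW_BUF_LEN], const char *input)
{
    size_t n = strlen(input);            /* input must be NUL-terminated */
    if (n > PW_BUF_LEN - 1)
        n = PW_BUF_LEN - 1;
    memcpy(dst, input, n);
    dst[n] = '\0';
}

/* Bounded copy that refuses over-long input instead of shortening it.
   Returns 0 on success, -1 (with dst emptied) when input does not fit. */
static int pw_copy_strict(char dst[PW_BUF_LEN], const char *input)
{
    size_t n = strlen(input);
    if (n >= PW_BUF_LEN) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, input, n + 1);           /* n + 1 also copies the NUL */
    return 0;
}

/* Returns 1 when two passwords are indistinguishable after truncation. */
static int pw_collide_after_truncate(const char *a, const char *b)
{
    char x[PW_BUF_LEN], y[PW_BUF_LEN];
    pw_copy_truncate(x, a);
    pw_copy_truncate(y, b);
    return strcmp(x, y) == 0;
}

int main(void)
{
    char buf[PW_BUF_LEN];
    const char *long_pw = "correcthorsebattery"; /* constructed sample */

    printf("strict copy of long password: %d\n", pw_copy_strict(buf, long_pw));
    pw_copy_truncate(buf, long_pw);
    printf("truncating copy stores: \"%s\"\n", buf);
    printf("collides with \"correcthXXXX\": %d\n",
           pw_collide_after_truncate(long_pw, "correcthXXXX"));
    return 0;
}
```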
