- From: Philippe-Andre Prindeville <philipp@res.enst.fr>
- Date: Sun, 30 Jul 95 23:47:19 +0200
- To: Jonsm@aol.com, www-html@www10.w3.org, www-html@w3.org
On Jul 29, 18:30, Jonsm@aol.com wrote: > I'm working on hooking up Telnet URLs to a telnet package. These URLs can > contain an embedded user name and password. Can someone explain to me how the > username/password is passed back to the telnet host? Is this done using the > telnet authenticate protocol or is it something simpler like automatically > sending the user/pass as the first two lines of the session or is it > something else? I would warn against doing the later... I haven't followed telnet authentication developments in a couple of years, but it seems to me that there are hooks in telnet for supporting various authentication and encryption schemes... Normally, such as with your common or garden variety telnet session, the username and password are passed in the clear, and the telnet client is unaware of the fact that "sensitive" infomration is being passed. This is a weakness IMHO. If you just sent the username and password automatically, then the password might appear (be echoed) if the server end was slow in turning off echo or simply announced that it wasn't accepting logins (maybe the user limit was reached or the system was unavailable while backups were being made, etc). On a printing terminal, or in a crowded room with people watching over your shoulder, this would be A Bad Thing. You could try using a "chat" script that had "send/expect" strings. > Is there a newsgroup for asking telnet protocol questions? I couldn't locate > one. Must not have looked too hard: telnet-ietf@timbuk.cray.com -Philip
Received on Sunday, 30 July 1995 17:47:33 UTC