Comment 25 for bug 24220

In , Ch-ey (ch-ey) wrote :

Created attachment 269413
patch v3 with autoprobe

What I meant is that it's possible to suppress/filter the usage of secure ones (on a malicious server, a man in the middle or some program on your client). This won't be detected, and the password is revealed by using insecure ones.
Hm yes, you're right in that it is secure enough if one has only the ability to sniff but not actively communicate.

So here's my proposal how I understand it.
Additionally, we could switch trySecAuth off for one server when "use Secure Authentication" is switched in the UI.

Regarding probing the server's abilities, which you mentioned in comment 15: are there written plans on this?
In general, having the option would be nice, but only if the user is either notified to review the settings taken or if it's triggered by himself.

I adjusted the strings.