Internet Draft | Kent Cedola
|
Internet Draft | Kent Cedola
|
Security issues are discussed in the authentication section.
The IRCX command returns a set of authentication mechanisms supported by the server. This method is open to a middle man attack whereby an attacker modifies the list of returned authentication method and only offer a cleartext password transaction. In order to avoid this type of attack only authentication methods with a challenge response mechanism should be used whenever security is a concern.
Since all administration commands for IRC and IRCX are send in cleartext a stream layer encryption mechanism like SSL[5] or IPSEC is required to protect the integrity and confidentiality of the transactions. The mechanisms for establishing these connection are outside the scope of this document.
PREVIOUS PAGE | TABLE OF CONTENTS | NEXT PAGE
Comments about this page? Send them to
webmaster (at) invlogic.com.
Return to Innovative Logic's Home Page.
Last modified: 17-Sep-2004 01:04PM.
Pages copyright ©1996-1997,
Innovative Web Creations.
All rights reserved.