[ut2003io] UTelAdSE beta 3

Michiel El Muerte Hendriks elmuerte at el-muerte.student.utwente.nl
Thu Nov 14 12:52:34 EST 2002


On Thu, Nov 14, 2002 at 10:32:35AM -0600, Robert Brandtjen wrote:
> On Thursday 14 November 2002 09:56 am, [-SF-]Shockwave wrote:
> > Since we're on the topic of security, it should also be mentioned that the
> > UT2003 web interface doesn't employ any encryption scheme either.  ;)
> 
> Thats true, but it isn't running as a real user, hence, no permissions to 
> change actual files.

I garantee you that UTelAdSE is more secure then the WebAdmin, why?
simple, UTelAdSE has a 5 second pause on a incorrect login, The WebAdmin
doesn't, thus brute forcing UTelAdSE is much more difficult then brute
forcing the password via the webadmin.

For the rest they have same security issues as in unencrypted
connections.

UTelAdSE run's from within the UT2003 server, just like the WebAdmin, so
you damage anything on the server except shutting down the UT2003
server.
Because UTelAdSE runs from within UT2003 connections will be closed on a
map change.

-- 
Michiel "El Muerte" Hendriks            elmuerte at drunksnipers.com
TDS - Internet Services                 http://www.drunksnipers.com



More information about the ut2003 mailing list