Community discussions

 
dougunder
newbie
Topic Author
Posts: 40
Joined: Tue May 01, 2018 10:53 pm

/tool fetch password clarification

Tue Aug 13, 2019 10:18 pm

Hi,

Could not find much info about how fetch authenticates.

So if I had a https server running nginx with basic auth configured.

And someone was trying to man-in-the-middle one of our routers.
Using wireshark or similar would they be able to sniff out the password.

Assuming the P/W is safe, if they configured a local dsn matching our server url and a fileserver w/o authentication would fetch pull a file if configured to use authentication?

Other then checking certs (were are tryng to find a way to deal with a cert/crl going bad) is there anyway to ensure it will only fetch files from our server?

Amusing the PW is safe I was thinking you could verify a secondary password before executing.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24077
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: /tool fetch password clarification

Wed Aug 14, 2019 10:07 am

Using wireshark or similar would they be able to sniff out the password.
No, that's why you use HTTPS
No answer to your question? How to write posts

Who is online

Users browsing this forum: No registered users and 5 guests