Closed by madaraveilande 7 years ago
All this means is... if someone/something is sniffing the network between the client (browser) and server (Meteor/Node) then they could see the clear-text credentials [username & password] on the wire. Difficult (relatively) but still possible. Probably less of an issue in an internal network (intranet), but a major issue over the internet.
Simplest fix is to have an SSL connection to the server! But it involves HAProxy, stud and/or Cloudflare (if the server is public).
Hi! In here https://atmospherejs.com/typ/accounts-ldap under "Issues + Notes" you have mentioned that "Because the package binds/authenticates with LDAP server-side, the user/password are sent to the server unencrypted. I still need to figure out a solution for this." What does that mean and what is the impact on the security part?
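An added example, not code from the accounts-ldap package or from this thread: when TLS is terminated at a proxy in front of the Node server, as the reply suggests, the Node process itself receives plain HTTP, so a server-side check that a login arrived encrypted has to rely on what the proxy reports. The code assumes the proxy runs on the same host and sets `X-Forwarded-Proto`; the connection object shape, `TRUSTED_PROXIES` and the function names are hypothetical.

```javascript
// Added example. Assumption: the TLS-terminating proxy runs on this host
// and sets X-Forwarded-Proto on every request it forwards.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1']);

// connection (hypothetical shape):
//   { remoteAddress: string, encrypted: boolean, headers: { ... } }
function arrivedOverTls(connection) {
  // Case 1: Node itself terminated TLS on this socket.
  if (connection.encrypted === true) return true;

  // Case 2: plain socket. X-Forwarded-Proto is only meaningful when the
  // peer is our own proxy; any other client can send the header itself.
  if (!TRUSTED_PROXIES.has(connection.remoteAddress)) return false;

  const raw = (connection.headers || {})['x-forwarded-proto'];
  if (typeof raw !== 'string' || raw.trim() === '') return false;

  // Chained proxies may append one value per hop ("https, http").
  // Require every reported hop to be https, so one cleartext leg fails.
  return raw.split(',').every((hop) => hop.trim().toLowerCase() === 'https');
}

// Gate a username/password login on the transport check. Rejecting here
// does not un-send a password that already crossed the wire in cleartext;
// it makes a missing or misconfigured TLS front end fail loudly.
function guardLogin(connection) {
  if (arrivedOverTls(connection)) {
    return { allowed: true, reason: 'tls' };
  }
  return { allowed: false, reason: 'credentials received over cleartext transport' };
}

// Constructed sample connections (documentation addresses, not real traffic).
const viaProxyHttps = { remoteAddress: '127.0.0.1', encrypted: false,
  headers: { 'x-forwarded-proto': 'https' } };
const viaProxyHttp = { remoteAddress: '127.0.0.1', encrypted: false,
  headers: { 'x-forwarded-proto': 'http' } };
const spoofedHeader = { remoteAddress: '203.0.113.7', encrypted: false,
  headers: { 'x-forwarded-proto': 'https' } };
const mixedHops = { remoteAddress: '127.0.0.1', encrypted: false,
  headers: { 'x-forwarded-proto': 'https, http' } };

for (const c of [viaProxyHttps, viaProxyHttp, spoofedHeader, mixedHops]) {
  console.log(c.remoteAddress, c.headers['x-forwarded-proto'], guardLogin(c));
}
```

A check like this belongs in front of the server-side LDAP bind, alongside an HTTP-to-HTTPS redirect at the proxy so browsers do not submit the form over cleartext in the first place.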