Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Preferences in 1.0.0RC3 client

from [Jan-Oliver Wagner] Network Security [Permanent Link]
Subject: Re: Preferences in 1.0.0RC3 client
Date: Mon, 23 Jan 2006 17:04:29 +0100 
Hi,

On Fri, Jan 13, 2006 at 01:24:51PM -0000, Nelson, C.M. wrote:

Some observations about 1.0.0RC3 client:

* Non-default preferences for Nmap (NASL wrapper) set under global
settings are not remembered between sessions.  


confirmed.


* If non-default preferences are set for Nmap (NASL wrapper) under
global settings, and then a new task is created, the new task has the
default settings not the modified ones.


confirmed.


* Toggling the auto connection preference does not seem to have any
affect (I think).  


The users manual says:

| Automatically connect If this setting is enabled, the NessusClient will
| try to connect to the server when a scope is executed. For user
| certificates without a password, this will work immediately. For
| password protected user certificates or simple password based
| authentication, the password will be stored in memory after a successful
| login until NessusClient is closed.

Does this clarify or do you have a proposal to improve the manual text?


(Comment: I never liked the way preference changes were only saved if a
scan had been run under the old Nessus client. I would rather see
preferences saved to file immediately as they are changed or via an
explicit save preferences operation. I hope the new client is/will be
less arcane.)  


This is a conceptual weakness NessusClient inherited from the old
GTK Client (where you only had a single session). And the two above
confirmed problems are directly related to this.

I agree that this should be changed to explicit save operation.
However, I am afraid this will be a more comprehensive change and
I don't think it is feasible for 1.0.0.
But I added a TODO file to NessusClient to not forget this item.

Best

        Jan
-- 
Jan-Oliver Wagner: www.intevation.de/~jan  | GISpatcher: www.gispatcher.de
Kolab Konsortium : www.kolab-konsortium.de | Thuban    : thuban.intevation.org
Intevation GmbH  : www.intevation.de       | Kolab     : www.kolab.org
FreeGIS          : www.freegis.org         | GAV       : www.grass-verein.de
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  plugin 15642 false positive on apache 2.0.55 / OpenSSL 0.9.8a?, Max Andersen
Next by Date:  Re: Preferences in 1.0.0RC3 client, Richard Moore
Previous by Thread:  Preferences in 1.0.0RC3 client, Nelson, C.M.
Next by Thread:  Re: Preferences in 1.0.0RC3 client, Richard Moore
Indexes:  [Date] [Thread] [Top] [All Lists]