Security

The Peripheral Device Tool uses SSL for all communications between the Web server and the browser. This prevents eavesdroppers on the network from gleaning any passwords entered into the Peripheral Device Tool. Additionally, SSL keeps anyone with the ability to inject packets on your network from hijacking your session.

When you access pdweb from a Web browser, you log on using the secure HTML log-on screen. Your log-on information is securely transmitted using the SSL protocol. SSL provides data encryption and server authentication by using a public and private key technology. The Web server uses a certificate for server authentication. By default, this certificate is self-signed, but it may be replaced by a certificate that is signed by a trusted certificate authority.

If the Web browser is displayed on a different system than it is running on, X Window events are sent over the network as clear text. It may be possible to intercept information, including passwords, as it moves between the system the browser is running on the system it is displayed on. The pdweb command does not automatically use a Web browser unless it is running on the same host as the X-Windows server. To override this security feature, use the -F option.

	IMPORTANT: When the Peripheral Device Tool is used as part of sam(1M), it is launched using the -F, which provides the same security as in sam. Refer to the pdweb(1M) manual page for more details.