On a side note, Rusty has implemented a passwd change facility into a TF plug-in. I provide this capability on my site and am worried about it and in plain text logins in general. I really wish a method to prevent inadvertent disclosure of the login/password pair by packet sniffers was in place. The same protection should be in place for all TCP connection methods (Telnet, http, etc)
I second this. Does anyone know of a method to encrypt the password until it gets to another file that can decode it? We had a meeting yesterday on this very issue. The password change from the web is a really cool tool.