Secure Coding mailing list archives
RE: Credentials for Application use
From: ljknews <ljknews () mac com>
Date: Thu, 12 May 2005 01:46:06 +0100
At 11:28 AM -0400 5/11/05, Goertzel Karen wrote:
Of course, and SSO is only as secure as (1) the assurance of the credential on which it bases its authentication decisions (a static password with an SSO is a really STUPID idea);
That depends on the security of the channel between the user and the entity authenticating the password. A fixed password used to unlock a token by entering it into keys on the token is not bad. Use the keyboard associated with a programmable computer, and you increase the risks monumentally. -- Larry Kilgallen
Current thread:
- RE: Credentials for Application use, (continued)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use Mikey (May 12)
- RE: Credentials for Application use Goertzel Karen (May 11)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use ljknews (May 11)
- Re: Credentials for Application use Dave Aronson (May 12)
- RE: Credentials for Application use Gizmo (May 12)
- Re: Credentials for Application use Dave Aronson (May 13)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use Mikey (May 12)
- Re: Credentials for Application use Michael Silk (May 12)
- RE: Credentials for Application use ljknews (May 12)