Secure Coding mailing list archives

RE: Credentials for Application use


From: ljknews <ljknews () mac com>
Date: Thu, 12 May 2005 01:46:06 +0100

At 11:28 AM -0400 5/11/05, Goertzel Karen wrote:

> Of course, and SSO is only as secure as (1) the assurance of the
> credential on which it bases its authentication decisions (a static
> password with an SSO is a really STUPID idea);

That depends on the security of the channel between the user and
the entity authenticating the password.  A fixed password used to
unlock a token by entering it into keys on the token is not bad.
Use the keyboard associated with a programmable computer, and you
increase the risks monumentally.
-- 
Larry Kilgallen






