Security Basics mailing list archives
Re: Active Directory Web-Based Password Reset
From: "Philip Wagenaar" <p.wagenaar () accon nl>
Date: Wed, 19 Nov 2003 09:14:14 +0100
Well, what platform are you developing? Java? .NET? Etc.?

If it is going to be web-based, you have to think about security risks like brute force, SQL injection, SSL, etc. Maybe you can give some more specifics first?

Kind regards,

Philip Wagenaar
AccoN Accountants & Adviseurs
ICT Project Bureau
Postbus 5090
6802 EB Arnhem
The Netherlands
tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar () accon nl
http://www.accon.nl

Jason Brooks <jbrooks () longwood edu> 18-11-03 16:09 >>>
We are looking at implementing a web-based password reset system for our entire campus. This would allow us numerous enhancements and security benefits without requiring a 24-hour help desk staff. I know that there are disadvantages to such a system.

Our initial plan is to develop one in-house. So doing, we don't want to reinvent the wheel, or follow others into known pitfalls. So, what I am requesting is any advice, war stories, suggestions, pitfalls, etc. you can muster.

Thanks,
Jason

Jason Brooks
Information Security Technician
IITS
116 - B Coyner
Longwood University
201 High Street
Farmville, VA 23901
(434) 395-2796