Security Basics mailing list archives

Re: Active Directory Web-Based Password Reset


From: "Philip Wagenaar" <p.wagenaar () accon nl>
Date: Wed, 19 Nov 2003 09:14:14 +0100

Well,

What platform are you developing on? Java? .NET? etc.?

If it is going to be web-based, you have to think about security risks like brute force, SQL injection, SSL, etc. Maybe you can give some more specifics first?

Kind regards,

Philip Wagenaar

AccoN Accountants & Adviseurs
ICT Project Bureau
Postbus 5090
6802 EB Arnhem
The Netherlands

tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar () accon nl
http://www.accon.nl


Jason Brooks <jbrooks () longwood edu> 18-11-03 16:09 >>>

We are looking at implementing a web-based password reset system for our 
entire campus.  This would allow us numerous enhancements and security 
benefits without requiring a 24 hour help desk staff.  I know that there 
are disadvantages to such a system.  Our initial plan is to develop one 
in-house.  So doing, we don't want to reinvent the wheel, or follow others 
into known pitfalls.  So, what I am requesting is any advice, war stories, 
suggestions, pitfalls, etc you can muster.

Thanks,
Jason

Jason Brooks
Information Security Technician
IITS
116 - B Coyner
Longwood University
201 High Street
Farmville, VA 23901
(434) 395-2796

