Full Disclosure mailing list archives
Re: password vaults-
From: George Capehart <capegeo () opengroup org>
Date: Wed, 12 Oct 2005 23:39:00 -0400
David Royer wrote:
Sorry for the very noob question, but I'm having a very hard time finding such products. I have the pleasure and the incredible chance to support generic (shared admin) passwords. I'm looking for a commercial product to manage the distribution and protection of these passwords. Must be RSA compatible and Active Directory (LDAP, to retrieve info and allow access). Also must be able to support web (https) for users to log in and get the passwords they are allowed to see. Best regards!
OK. In spite of the fact that this has got to be a troll, I'll bite . . .

Run from that as fast and as far as you can. Under /*any*/ circumstance, shared passwords are a major no-no. You're setting yourself up for misery . . . And allowing users "to log in and get the passwords they are allowed to see"? Think about that for a while and see if you can identify some potential risks there . . .
/g

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/