
Mailing List Archive: Zope: CMF
RE: [Zope-PTK] PROPOSAL: A Confidence Mechanism in User Role Management
 



rob.page at digicool

Feb 9, 2000, 9:47 PM



> So, if cleartext is less trustworthy because it's sniffable, it
> follows that using cleartext once compromises the secure
> channels as well, and so they should be no more trusted than cleartext
> UNTIL the password's been changed. Oh. But, if you are now
> less-than-confident of the remote user, you can't let them change the
> password so as to become trusted again! D'oh. Seems like a Catch 22,
> I must not be getting something.

This is a valid point. This is why many sites have you log in over SSL.
Perhaps they assign you an expiring cookie which you can carry around
and over unsecure channels. Ideally, password specification and
password presentation are all done over secure comm - then you don't
have to discount the confidence in the password as an accurate
authentication mechanism.

--Rob
