
Re: [Gnue-dev] Appserver/Common Issues


From: Neil Tiffin
Subject: Re: [Gnue-dev] Appserver/Common Issues
Date: Sat, 23 Nov 2002 14:27:59 -0500

At 4:23 PM +0000 11/23/02, Robert Jenkins wrote:
Presumably the usernames & passwords will be stored in the main
database, so the program must have a built-in or configured 'fixed'
password to be able to verify user logins (and create a fixed
'superuser' login when initially installed to allow users to be added by
the system admin?).
Remember GNUe is supposed to be a cross-platform application, with
Windows 98 etc. systems as possible clients. You cannot assume security
at the client O.S. level!

This sounds good for phase I, but having user passwords in the database will be suboptimal in any situation that has more than a few users. From a maintenance standpoint we should be able to use LDAP or Active Directory to validate passwords and not store them in the database.

Also I hope that you did not mean to imply that we should have a fixed admin password. That is a security nightmare.

Neil
address@hidden




