From: Neil Tiffin
Subject: Re: [Gnue-dev] Appserver/Common Issues
Date: Sat, 23 Nov 2002 14:27:59 -0500
At 4:23 PM +0000 11/23/02, Robert Jenkins wrote:
> Presumably the usernames & passwords will be stored in the main database, so the program must have a built-in or configured 'fixed' password to be able to verify user logins (and create a fixed 'superuser' login when initially installed to allow users to be added by the system admin?). Remember GNUe is supposed to be a cross-platform application, with Windows 98 etc. systems as possible clients. You cannot assume security at the client O.S. level!
This sounds good for phase I, but having user passwords in the database will be suboptimal in any situation that has more than a few users. From a maintenance standpoint we should be able to use LDAP or Active Directory to validate passwords and not store them in the database.
Also I hope that you did not mean to imply that we should have a fixed admin password. That is a security nightmare.
Neil address@hidden