Re: Windows Authentication question
From: Natan (nvivo.misc_at_mandic.com.br)
Date: 03/24/05
- Next message: Mark Oeltjenbruns: "Using Weak keys in DES and TripleDES"
- Previous message: Nicole Calinoiu: "Re: Windows Authentication question"
- In reply to: Nicole Calinoiu: "Re: Windows Authentication question"
- Next in thread: Paul Clement: "Re: Windows Authentication question"
- Reply: Paul Clement: "Re: Windows Authentication question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Mar 2005 12:24:32 -0300
Nicole Calinoiu wrote:
> That's still possible even if you use integrated Windows authentication. If
Yes, but i don't want to use it. I want just to check username and
password against Active Directory user base. My fault to put "windows
authentication" in the subject.
> 1. The user presumably already has at least some access to your file,
> database, e-mail, print, etc. servers. Is intranet access somehow an even
> worse risk than accessing these other resources?
Yes.
> 2. Users will likely be able to instruct their browsers to cache their
> credentials even when logging in via an HTML form, so you won't be gaining
> any real protection by using a forms-based approach.
Yes, i will.
- Next message: Mark Oeltjenbruns: "Using Weak keys in DES and TripleDES"
- Previous message: Nicole Calinoiu: "Re: Windows Authentication question"
- In reply to: Nicole Calinoiu: "Re: Windows Authentication question"
- Next in thread: Paul Clement: "Re: Windows Authentication question"
- Reply: Paul Clement: "Re: Windows Authentication question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
