Too true, Susan.

Also in Banks, at least in SA, you need the Account number/PIN/Password
combination to get access to your account and not just a password.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: 19 September 2006 18:26
To: [email protected]
Subject: Re: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

I have been told (BTW) by the patch management tool folks that still 
support customers that buy NT patches -- that their main customers that 
buy NT patches from Microsoft are banks and financial institutions.

Consider as well that when I walk into Bank of America they are running 
DOS based apps.

I wouldn't use "banks" as a shining example of security policy...when 
BofA has

1.  allowed Slammer to nail their ATM networks
2.  lost backup tapes causing identity theft

as two such shining examples of security policy in action.

Who's going to be on the firing line when something happens?  Bank of 
America?  Or your buns?

If it's your buns, are you comfortable with not changing passwords?

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> I have been involved in externally facing Microsoft sponsored 
> extranet/Sharepoint sites.
>
> The password gets changed.
>
> We have a GUI web portal and we are forced to change the password.
> Sales people set your security policy these days?
>
> Ramon Linan wrote:
>> Hi,
>>  
>> I have a SharePoint site for a client, it is driving me crazy because
>> the sales people are telling me that the users for this site, can't 
>> have their password expiring. The client is a government agency, so I
>> don't want to be responsible for any information being stolen.
>>  
>> How big of a security risk is not having password expiring? It seems
>> to me like security 101, but the sales guy is saying that banks don't
>> ask you to change your password every X days, good point.
>>  
>>  
>> Something I was thinking is having SharePoint authenticating with 
>> their LDAP server, is this possible to do? Can anybody point to a URL
>> on how to do this?
>>  
>> thanks
>>  
>> Rezuma
>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

