Methinks the solution is to deprecate the User Tool. If accessing DV plugins from a midtier session, the current session information is used to load the DV plugin and populate the DVF. How does one initiate an SSO session from a native tool if an SSO session is not established in the context of a web browser? Kerberos is the only remotely widely deployed cross-platform technology I can think of.

Axton

On Sat, Sep 24, 2011 at 7:33 AM, John Baker <[email protected]> wrote:
> David
>
> Encrypting the password is a useful step, but not a very useful step as
> essentially the password is still there and could be decrypted, and if one
> has a copy of the Mid Tier jar files, it's probably achievable in about 2
> minutes. This would almost certainly fail a security audit.
>
> The only way to solve this problem is to remove the passwords by
> implementing SSO.
>
> John
> --
> SSO Plugin: Bringing BMC products together.
> http://www.javasystemsolutions.com/jss/ssoplugin
>
> _______________________________________________________________________________
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"

