Hi, 2007/3/1, Michael Monnerie <[EMAIL PROTECTED]>:
On Mittwoch, 28. Februar 2007 21:26 Martin Hierling wrote: > thats not how shibboleth is working .... as far as i can say the > framework only tells the webapp the user is authenticated. A > password exchange is not possible. So from a security point of view it's broken by design. Or is that the idea behind that app?
i think it is not. Why exchange passwords if there is a trusted way to say if the user is authenticated or not. The shib website tells something about security, and after some audits it is assumed to be safe. Martin
_______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
