Yes.  We must always plan for untrusted code to be run on the part of the
user.  Granted, there is not much we can do about it, but we can make it so
that the passwords remain safe and that one application will be able to
use them.  That is to say, no password or key caching should happen in a
lib.

--- Chris Toshok <[EMAIL PROTECTED]> wrote:
> Hm, insecure how?  Meaning the "once one client authenticates they're
> all authenticated" problem?  This is definitely an issue, if you're
> mixing trusted code (evolution, say) and non-trusted code (some libebook
> using script your script-kiddie friend wrote)
> 
> Chris
> 
> On Wed, 2004-03-10 at 11:08, Mike Mestnik wrote:
> > This would seem very difficult to make secure, I.E. Java applets from the
> > web.  However I think I'm going to have a similar problem, though I
> > haven't yet come across documentation in the ebook docs for
> > authentication.
> > 
> > --- Amit Shrivastava <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > > 
> > > I am using evolution-data-server API to get addressbooks data for OO.o,
> > > so at the backend it uses ldap server, groupwise server etc based on the
> > > URI.
> > > 
> > > For authenticating to the backend server like ( ldap server, groupwise
> > > server etc ), it is required to provide password for each of the servers
> > > and manage these passwords in the client, "evolution" also
> > > caches/manages these passwords, similarly each of the clients has to do
> > > some password management. Which is not a good thing.
> > > 
> > > It should be such that once a client ( either evolution ) provides the
> > > password it should be cached by the eds server and managed subsequently
> > > and the client shouldn't care about the backend authentication. I hope
> > > we can avoid even first time password something like iLogin, once I
> > > login in my desktop I don't need to provide password for any applications
> > > :-).
> > > 
> > > It will be good option that the passwords for the backends are managed
> > > by evolution-data-server, and the client just needs to tell other
> > > configuration parameters, and never meddle with the passwords.
> > > 
> > > 
> > > regards,
> > > Amit 
> > > _______________________________________________
> > > evolution-hackers maillist  -  [EMAIL PROTECTED]
> > > http://lists.ximian.com/mailman/listinfo/evolution-hackers