Has anyone requested something like CoSign to be setup? http://www.umich.edu/~umweb/software/cosign/
This would allow various CGI apps to use central hcoop.net authentication, but prevent the actual password itself for being passed to apps that were written / installed by random members. (This is a security measure to prevent passwords for being stored by these apps.) UIUC uses a similar thing called Bluestem (https://www-s.uiuc.edu/bluestem/notes/overview.html) and it works quite well. It does require SSL for eash site to prevent passwords from being stolen off the wire, but I assume any site asking for a password would already do this. If this isn't needed, feel free to ignore this, but I for one to not trust random CGI apps from others users to not store passwords. I don't think that having a seperate web password is a good solution to this problem. <<CDC _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
