on your point #6 ---

you can avoid passwords by using a so-called 'one-time-password' scheme. in that case, 
the user usually calculates a one-time-password using a trusted portable computing 
device such as a 'hardware token'. then, if an attacker gets access to a particular 
one-time-password, it will not be valid anymore since the user already used it.

mike


