With the current functionality of Jetspeed displaying the userid as a component of the 
URL, I was wondering if anyone has considered that in and of itself a security 
weakness.  With common two-factor authentication (userid and password), 50% of this 
security barrier is disclosed fairly quickly and available to anyone interested in 
"social engineering" or even minor shoulder surfing.  Of course, the context of this 
discussion assumes that some confidential information is being used or stored in the 
portal.

Interestingly enough, Yahoo shows the userid in the window caption bar and Netscape 
shows user ids in the URL.  It would appear, however, that Netscape is showing an 
internally generated id for the user (maybe actually the primary key in the user 
table?).

Any thoughts or comments?

Brad
