* Gary McGraw:

> My darkreading column this month is devoted to insiders, but with a
> twist.  In this article, I argue that software components which run
> on untrusted clients (AJAX anyone?  WoW clients?) are an interesting
> new flavor of insider attack.

I really wish this were something new. 8-(

In client/server applications, it's not too uncommon that the client
connects to the server with a hard-coded password, uses that to
download some kind of authentication table, and looks up a
user-supplied password in it.  If it's not found, the authentication
fails.  Apparently, you can save some client licenses with such a
setup.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
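
The setup described in the message above, next to a server-side check, as an added example that is not part of the original post. All class names, the account and the shared password are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data; every name below is hypothetical.
SHARED_CLIENT_PASSWORD = "app-secret"   # baked into every client binary
USERS = {"alice": "correct horse"}      # constructed account


class WeakServer:
    """Pattern from the message: one hard-coded login returns the whole table."""

    def fetch_auth_table(self, client_password):
        if client_password != SHARED_CLIENT_PASSWORD:
            raise PermissionError("bad client credential")
        return dict(USERS)  # every user's secret leaves the server


def weak_client_login(server, user, password):
    # The accept/reject decision is taken on the untrusted client.
    table = server.fetch_auth_table(SHARED_CLIENT_PASSWORD)
    return table.get(user) == password


class HardenedServer:
    """Server keeps salted hashes and makes the decision itself."""

    def __init__(self, users):
        self._records = {}
        for name, pw in users.items():
            salt = os.urandom(16)
            self._records[name] = (salt, self._derive(pw, salt))

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, user, password):
        # Unknown users still cost one derivation, so timing does not
        # reveal which account names exist.
        salt, expected = self._records.get(user, (b"\0" * 16, b"\0" * 32))
        candidate = self._derive(password, salt)
        return hmac.compare_digest(candidate, expected) and user in self._records
```

With `HardenedServer` the client only ever learns a yes or no for the credentials it submitted; there is no table to download and no shared credential to ship.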
