Home page logo
/

basics logo Security Basics mailing list archives

Authentication question & problem
From: evilwon12 () yahoo com
Date: 22 Apr 2008 16:41:02 -0000

Here is what my developers are wanting to do, and I cannot think of a secure way to do this.

Have a user (at home) authenticate against our LDAP through a company portal/site and have that authentication 
information passed to an external vendor, allowing the user at home to utilize the application from home after being 
authenticated.

So, it's user at site A, authenticating with site B, and the user at site A using the application (after authentiation) 
at site C.

Sorry for being long winded, but everything there screams MITM to me.  I am probably missing something easy.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault