Re: password vaults-
From: George Capehart <capegeo () opengroup org>
Date: Wed, 12 Oct 2005 23:39:00 -0400
David Royer wrote:
> Sorry for the very noob question, but I'm having very hard times finding
> I have the pleasure and the incredible chance to support generic (shared
> admin) passwords. I'm looking for a commercial product to manage the
> distribution and protection of these passwords. Must be RSA compatible and
> Active Directory (LDAP, to retrieve info and allow access). Also must be
> able to support web (https) for users to log in and get the passwords they
> are allowed to see.
OK. In spite of the fact that this has got to be a troll, I'll bite . . .
Run from that as fast and as far as you can. Under /*any*/
circumstance, shared passwords are a major no-no. You're setting
yourself up for misery . . . And allowing users "to log in and get the
passwords they are allowed to see"? Think about that for a while and
see if you can identify some potential risks there . . .
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/