Re: Forms and integrated authentication combined

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: John Saunders (john.saunders)
Date: 03/09/04 

Date: Tue, 9 Mar 2004 18:57:56 -0500

"Jason" <jason@solid.freeserve.co.uk> wrote in message
news:c2ljd4$8pj$1@news5.svr.pol.co.uk...
...
> Forms authentication suffers from the problem that users will inevitably
use
> the same password as their NT account, meaning passwords would be stored
in
> a less secure database. I could authenticate on the domain each time they
> log in, but then the login.aspx page could be hacked to siphon off these
> passwords.

I don't get it. How would authenticating against the domain turn login.aspx
into a source of passwords? 

-- 
John Saunders
John.Saunders at SurfControl.com

Relevant Pages

  • Re: Need to upgrade password security
    ... system in place using mod_auth_mysql and Basic authentication. ... should be able to set their own passwords and change them. ... I've never written any PHP or Javascript, but I'm experienced with CGI. ... relying on basic HTTP authentication ...
    (comp.infosystems.www.servers.unix)
  • Re: Windows Authentication (asp.net 1.1 C#)
    ... it is up to you how you store your passwords - FormsAuth is just a mechanism ... Usually you store the passwords in a database using salted hashes - have a look at PasswordDeriveBytes class ... Authentication or Form Authentication. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • SSH Close to working, but need help!
    ... connecting to host with "public authentication failed for user xxx" ... Protocol 2,1 ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS kaserver ...
    (comp.security.ssh)
  • problem on sshd setup: public key support
    ... Now I have some problem to setup public key authentication: ... Server refused our key ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS ...
    (comp.os.linux.misc)
  • Re: Sparc Solaris NIS client Linux NIS server
    ... >> I'll check over the nsswitch.conf and verify that its right. ... >> insecurities with NIS. ... If "shadow" passwords are enabled properly, ... once I get the authentication working I will ...
    (comp.os.linux.setup)