Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re: Re: Re: MySQL, PERL and web authentication

by wardk (Deacon)
on Jan 10, 2001 at 21:56 UTC ( [id://50950]=note: print w/replies, xml ) Need Help??


in reply to Re: Re: MySQL, PERL and web authentication
in thread MySQL, PERL and web authentication

I'll have to take a look at MD5 style hashing, thanks for the alternative.

on the issue of clear transmissions... Due to issues that can only happen in large organizations, we are fighting a move to remove SSL from our single-login system to a straight http configuration... the reason? Users are getting fed up with accepting certificates, and being warned of a redirect (netscape is the standard and this dialog cannot be "turned off") and complaining loudly. I wish I could say I was making this up for a Dilbert/UserFriendly strip, but I am not...they want to remove the security from the security system.

Next they'll remove the door security because people are growing tired of having to swipe their badges through...arghhhh

If someone wants to write a Perl module that thwarts stupidity, I'll beta test!

  • Comment on Re: Re: Re: MySQL, PERL and web authentication

Replies are listed 'Best First'.
Re: Re: Re: Re: MySQL, PERL and web authentication
by sutch (Curate) on Jan 10, 2001 at 22:09 UTC
    My organization is in the process of implementing single sign-on for web based applications using an authentication server with cookies. We haven't yet run into these problems.

    Are your certificates issued by a well know CA, such as Verisign? Which versions of Netscape encounter the redirect warning?

[reply]

      We do use cookies post-login with a single authentication application. The login app is something other apps just "plug-in", due to it's design (I wasn't there then, and am just getting my feet wet with it now) it authenticates then redirects to the appropriate system they were logging into (many of which are not https).

      This SSL hosted redirect causes netscape to put up a dialog, but has no "check here to not ask again" so the user can avoid getting it next login.

      On the certificate, the users are only being asked once a year (or if their machines are re-genned, new computer, etc). Aparently that is just too often...go figure.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://50950]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others learning in the Monastery: (2)
As of 2024-04-26 00:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found