Re: [Evolution-hackers] Authentication/Password Issue in Evolution Data Server .....

From: Chris Toshok <toshok ximian com>
To: Mike Mestnik <cheako911 yahoo com>
Cc: Amit Shrivastava <samit novell com>, evolution-hackers lists ximian com
Subject: Re: [Evolution-hackers] Authentication/Password Issue in Evolution Data Server .....
Date: Wed, 10 Mar 2004 12:20:32 -0800

Hm, insecure how?  Meaning the "once one client authenticates they're
all authenticated" problem?  This is definitely an issue, if you're
mixing trusted code (evolution, say) and non-trusted code (some libebook
using script your script-kiddie friend wrote)

Chris

On Wed, 2004-03-10 at 11:08, Mike Mestnik wrote:
> This would seam vary difficult to make secure, I.E. Java appelets from the
> web.  However I think I'm going to have a simular problem, thought I
> haven't wet cam accross documantation in the ebook docs for
> authentication.
> 
> --- Amit Shrivastava <samit novell com> wrote:
> > Hi,
> > 
> > I am using evolution-data-server API to get addressbooks data for OO.o,
> > so at the backend it uses ldap server, groupwise servr etc based on the
> > URI. 
> > 
> > For authenticating to the backend server like ( ldap server, groupwise
> > server etc ), it is required to provide password for each of the server
> > and manage these passwords in the client, "evolution" also
> > caches/manages these passwords , similarly each of the client have to do
> > password some management. Which is not a good thing. 
> > 
> > It should be such that once a client ( either evolution ) provides the
> > password it should be cached by the eds server and managed subsequently
> > and the client should'nt care about the backend authentication. I hope
> > we can avoid even first time password something like iLogin, once I
> > login in my desktop i dont need to provide password for any applications
> > :-).
> > 
> > It will be good option that the passwords for the backends are managed
> > by evolution-data-server, and client just need to tell other
> > configuration parameters, and never meddle with the passwords.
> > 
> > 
> > regards,
> > Amit 
> > _______________________________________________
> > evolution-hackers maillist  -  evolution-hackers lists ximian com
> > http://lists.ximian.com/mailman/listinfo/evolution-hackers
> 
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what youre looking for faster
> http://search.yahoo.com
> _______________________________________________
> evolution-hackers maillist  -  evolution-hackers lists ximian com
> http://lists.ximian.com/mailman/listinfo/evolution-hackers

Follow-Ups:
- Re: [Evolution-hackers] Authentication/Password Issue in Evolution Data Server .....
  - From: Mike Mestnik

References:
- Re: [Evolution-hackers] Authentication/Password Issue in Evolution Data Server .....
  - From: Mike Mestnik

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]