http://bugs.winehq.org/show_bug.cgi?id=28660
Bug #: 28660
Summary: appdb uses phishable/replayable credentials
Product: WineHQ Apps Database
Version: unspecified
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: appdb-unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: kevinperson@topicbox.com
Classification: Unclassified

The recent compromise of the winehq authentication databases highlights the problem with using passwords as authentication credentials: they can be stolen, and then you have to tell all your users their passwords are out there.
Use of an authentication server like OpenID (you can't lose secrets if you don't keep them on your server) or a challenge-response scheme like client-side SSL certs or phone verification avoids this problem.
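
The challenge-response idea from the report, sketched as an added example (not part of the original bug report and not AppDB code): the server stores only public keys and single-use nonces, so a copied database or a recorded login response cannot be replayed. The origin names, the user name and the `AuthServer`/`makeClient` helpers are constructed for illustration; Ed25519 signatures from Node's built-in `crypto` module stand in for a client certificate.

```javascript
const crypto = require('node:crypto');
// What gets signed: origin and user are bound in, so a response only fits one site.
const signedMessage = (origin, user, nonce) =>
  Buffer.concat([Buffer.from(`${origin}|${user}|`), nonce]);
// Server state is public keys plus outstanding nonces: no replayable secret.
class AuthServer {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> PEM public key
    this.pending = new Map();    // user -> single-use nonce
  }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  challenge(user) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(user, nonce);
    return nonce;
  }
  verify(user, signature) {
    const nonce = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // consume the nonce, pass or fail
    if (!nonce || !pem) return false;
    return crypto.verify(null, signedMessage(this.origin, user, nonce), pem, signature);
  }
}

// Client keeps the private key; only the public half is ever sent.
function makeClient() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    respond: (origin, user, nonce) =>
      crypto.sign(null, signedMessage(origin, user, nonce), privateKey),
  };
}

function demo() {
  const server = new AuthServer('appdb.example'); // constructed origin
  const alice = makeClient();
  server.register('alice', alice.publicKeyPem);
  const response = alice.respond('appdb.example', 'alice', server.challenge('alice'));
  const login = server.verify('alice', response); // fresh nonce, right origin
  server.challenge('alice'); // the next attempt gets a new nonce
  const replay = server.verify('alice', response); // recorded response, new nonce
  const nonce = server.challenge('alice');
  const otherOrigin = server.verify('alice', alice.respond('other.example', 'alice', nonce));
  return { login, replay, otherOrigin };
}
console.log(demo());
```
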