Re: external ACL

From: Henrik Nordstrom <>
Date: Fri, 20 Jul 2001 09:55:12 +0200

Chemolli Francesco (USI) wrote:

> Actually, I think I'd need it. There's an awful habit of password-sharing
> in some places.

And the strict mode is not acceptable to you? Completely denying the
second user access until the IP TTL has expired.

I only questioned the need of the "soft/automatic" mode.

> > (if someone could explain the
> > logics behind
> > resubmitting exactly the same credentials as was rejected I would be
> > glad to know..)
> Maybe as a workaround for buggy server-side authenticators?

Not a valid concern, unless ofcourse if the browser and server have the
same author and that author feels it is easier to work around their
server by patching their browser..

My only explanation is a bug occuring as a sideeffect of implementing
challenge based schemes having more than one authentication exchange

Received on Fri Jul 20 2001 - 02:13:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:07 MST