Difference between revisions of "Talk:Open Grid Protocol"
Jump to navigation
Jump to search
Lillie Yifu (talk | contribs) (Comment on potential security problem) |
(No difference)
|
Revision as of 09:36, 22 August 2008
Choosing an Agent
" Choosing an Agent
The credential presented by the viewer may be valid for more than one agent. If so, then the viewer must specify the agent it wishes to control. If none is specified, and there are multiple possible agents, then log in will fail, and contain a list of possible agents. The viewer can then choose and reattempt login. "
That looks like a security hole, because it means that a person who gets login credentials now knows something they did not prove they knew before, namely the agent list. It should not include a list of agents, instead, an identifiable agent should be considered part of the credentials necessary for login.
Lillie Yifu 09:36, 22 August 2008 (PDT)