[Full-disclosure] password vaults-
George Capehart
capegeo at opengroup.org
Thu Oct 13 04:39:00 BST 2005
David Royer wrote:
> Sorry for the very noob question, but I'm having a very hard time finding
> such products.
> I have the pleasure and the incredible chance to support generic (shared
> admin) passwords. I'm looking for a commercial product to manage the
> distribution and protection of these passwords. Must be RSA compatible and
> Active Directory (LDAP, to retrieve info and allow access). Also must be
> able to support web (https) for users to log in and get the passwords they
> are allowed to see.
> Best regards!
OK. In spite of the fact that this has got to be a troll, I'll bite . . .
Run from that as fast and as far as you can. Under /*any*/
circumstance, shared passwords are a major no-no. You're setting
yourself up for misery . . . And allowing users "to log in and get the
passwords they are allowed to see"? Think about that for a while and
see if you can identify some potential risks there . . .
/g
Full-Disclosure is hosted and sponsored by Secunia.