Educause Security Discussion mailing list archives
Re: Back on topic.... Re: [SECURITY] University credentials used by third parties
From: Mike Porter <mike () UDEL EDU>
Date: Wed, 25 Aug 2010 14:53:17 -0400
On Wed, 25 Aug 2010, Jesse Thompson wrote:
On 08/25/2010 10:55 AM, Mike Porter wrote:What was the violation?The obvious, unless you consider double standards a violation.The problem that users woud need to store a password, likely the regular one, at gmail in order to use imap?right.We ended up with a convoluted system to avoid some of those issues.Care to elaborate? I presume that the only solution to this problem is to require token-passwords for IMAP in lieu of the real passwords.
Yes. The user can chose to send their "real" password, a random password we will reveal to them, or a completely different password. This causes lots of confusion. But, not as much as Google's decision to block API based forward setting with 0 days notice. I'm still living with the changes that caused. You do get what you pay for... Mike
Jesse
- Mike Porter PGP Fingerprint: F4 AE E1 9F 67 F7 DA EA 2F D2 37 F3 99 ED D1 C2
Current thread:
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties, (continued)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 24)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Jesse Thompson (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Mike Porter (Aug 25)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 25)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Semmens, Theresa (Aug 25)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Eric Case (Aug 25)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Adam Carlson (Aug 25)
- Experience with EPO and endpoint encryption David Grisham (Aug 25)
- Re: Experience with EPO and endpoint encryption Gibson, Nathan J. (HSC) (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Jesse Thompson (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Mike Porter (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Darren Fallis (Aug 24)
- Re: University credentials used by third parties Greg Schaffer (Aug 17)
- Re: University credentials used by third parties Flynn, Gary - flynngn (Aug 17)
- Re: University credentials used by third parties Paul Kendall (Aug 18)
- Re: University credentials used by third parties Bradley, Stephen W. Mr. (Aug 18)
- Re: University credentials used by third parties Bristol, Gary L. (Aug 18)
- Re: University credentials used by third parties Ken Connelly (Aug 18)