WebApp Sec mailing list archives
RE: Securing password between webserver & appserver.
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Tue, 8 Sep 2009 14:14:00 +0100
Or why not bypass the webserver altogether for auth if itisnt trusted. Send credentials directly to the app server, that is assuming the app server is publicly accesible.
Yup, would work. However, it would be a novel situation in which the
credentials were sensitive, but the data was not.
I would personally be trying to resolve the untrusted web server
situation...
Martin...
Current thread:
- Re: Securing password between webserver & appserver., (continued)
- Re: Securing password between webserver & appserver. Robert Hajime Lanning (Sep 07)
- RE: Securing password between webserver & appserver. EXT-Adams, Randall E (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 07)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 08)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- RE: Securing password between webserver & appserver. Ken Schaefer (Sep 07)
- Re: Securing password between webserver & appserver. Till Elsner (Sep 08)
- Re: Securing password between webserver & appserver. bigbert007 (Sep 08)
- RE: Securing password between webserver & appserver. Calderon, Juan Carlos (GE, Corporate, consultant) (Sep 09)
- Re: Securing password between webserver & appserver. bigbert007 (Sep 08)
- RE: Securing password between webserver & appserver. Martin O'Neal (Sep 07)
- RE: Securing password between webserver & appserver. Martin O'Neal (Sep 08)