Subject: RE: [xacml] Proposed semantics for operations involving INDETERMINATE
"Daniel Engovatov" <dengovatov@crosslogix.com> wrote: >Completely disagree. Every single security system differentiates between, >say, "incorrect password" and "service not available". OSF DCE, Apollo Domain, and HP-UX all are very careful NOT to make any distinctions (I've worked on lots of other systems, but not recently enough to speak with reliance on my memory). The systems I've worked with even introduce intentional delays so that a user can't tell whether a login attempt failed due to invalid user name, invalid password, some service not available, etc. This is to avoid leaking any information that might help an attacker. Login either succeeds or it fails, and the time it takes to get a response is the same in either case. Anne Anderson Anne.Anderson@Sun.COM Internet Security Research Group, Sun Labs Sun Microsystems, Inc., Burlington, MA