users@glassfish.java.net

Identity Services Security

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Ronak Patel <ronak2121_at_yahoo.com>
Date: Sun, 6 Jun 2010 14:21:35 -0700 (PDT)

Hello,

I had a question about how secure the tokens that are generated by the server are when we use the OpenAM Identity Services.

Would these tokens, when sent through cleartext, be vulnerable to man in the middle or session hijacking attacks?

If so, should I be encrypting all traffic being sent to the server that uses Identity Services?

Thanks,

Ronak

This message: [ Message body ]
Next message: glassfish_at_javadesktop.org: "Re: Caused by: java.nio.channels.UnresolvedAddressException"
Previous message: Martin Gainty: "RE: how to Logout with SSO enable"
Next in thread: Martin Gainty: "RE: Identity Services Security"
Reply: Martin Gainty: "RE: Identity Services Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]