ARSList, Does anyone have any experience writing an implementation of this class: "com.remedy.arsys.session.Authenticator" ?
I am starting to toy with the idea of trying to integrate ARS Mid-Tier authentication with http://recaptcha.net/ and before I launch down that path I would love to hear from anyone who has already been there. ( So that I might avoid any pitfalls that I might not already be seeing.) What I think could be done is... (again only supporting the Mid-Tier client...) Implement a class that checks the recaptcha response, if it is "ok" then try to auth against ARS as normal. If that works, then let the user in. Later if the auth(recaptcha or ARS) fails... maybe a delay interval could be introduced with very little effort. Sounds simple... but I suspect the devil is in the details. :( Does anyone know if the v7.1 Mid-Tier supports this same implementation? (have we heard about any plans for 7.5 about this feature?) Thanks in advance. Also for the others that have no experience with this stuff.... Would an open sourced solution with a captcha login page for your Mid-Tier be of any interest to you? (AKA: Am I the only one in the ARSList world that thinks this is a reasonable thing to do?) -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap.... Pick two. On Jan 3, 2008 4:04 PM, Easter, David <[EMAIL PROTECTED]> wrote: > Such capabilities would be achieved by integrating AR System with an > Identity Management solution, and/or by utilizing the "Integrating > BMC(r) Remedy(r) Action Request System(r) with Single Sign-On (SSO) > Authentication Systems and Other Client-Side Login Intercept > Technologies" white paper. > > http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf > > Thanks, > > -Dave Easter > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:[EMAIL PROTECTED] On Behalf Of Carey Matthew Black > Sent: Thursday, January 03, 2008 6:23 AM > To: [email protected] > > Subject: Re: Remedy and SQL injection attacks > > Is there a white paper (pdf / KB article / whatever) to find more > information about this snip from that white paper? > > " > AR System supports these safeguards: > CAPTCHA (Completely Automated Public Turing Test to Tell Computers > and Humans Apart) programs to prevent automated attacks Challenge > questions > Password authentication delay for unpredictable behavior of failed > passwords > Timed lock-down mode instead of lockouts > " > > -- > Carey Matthew Black > Remedy Skilled Professional (RSP) > ARS = Action Request System(Remedy) > > Love, then teach > Solution = People + Process + Tools > Fast, Accurate, Cheap.... Pick two. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
