06-12-2008, 11:40 AM   #1
imercado
Model: 8800
Carrier: At&t
Security risk with enabling "Support HTTP Authentication"?


I am in discussion with my BES admin about enabling the "Support HTTP Authentication" flag so we can access data on our SharePoint sites that need to authenticate us with our domain IDs. However, he believes that there is a security risk associated with this, stated as follows:

"there is a security risk involved with including domain credentials within http headers"

"When you include domain credentials in the http headers it can be read by any browser. So for example now your pin information is passed to any site you go to via http headers."

Based on the collective wisdom of this group, is there general agreement that indeed a security exposure is enlarged by enabling BES's support for HTTP authentication? I certainly don't want to expose our organization to any security concerns; however, I would have thought that the BES infrastructure would have done a good job of masking credentials that are passed to it via HTTP authentication so that this would not be a concern.

Thanks!

Ian