[2922] in WWW Security List Archive
Off topic - DLL security
daemon@ATHENA.MIT.EDU (Hamilton, Ed @ OTT)
Wed Sep 11 12:44:07 1996
From: "Hamilton, Ed @ OTT" <ehamilt@esc.lmco.com>
To: "'Security Mail" <www-security@ns2.rutgers.edu>
Date: Wed, 11 Sep 96 10:52:00 EDT
Errors-To: owner-www-security@ns2.rutgers.edu
Hi,
I believe this is a little off topic, but it really should be
considered here as well. I am looking at implementing a secure product that
uses a DLL for various means including accessing a PCMCIA Card. My concern
is that someone can spoof this DLL and gain access to my password.
The relevance to www-security is the use of PC Cards or Smart Cards to
authenticate individuals to a web application which in turn uses secure http
or whatever to communicate to a location such as a bank.
Does anyone have any suggestions. implementation, ideas on how
authentication can be securely performed to PC Card via a DLL? Are there
any standards in the works? I really want to start a *BIG* discussion on
this. Does anyone know of other lists that I can send this to that will be
interested in this topic?
--- Ed.Hamilton@lmco.com
