IBM Sametime Security Hole

Instant messaging expert Carl Tyler has published on his blog what he deems to be a security hole in IBM's Lotus Sametime instant messaging software. Apparently IBM doesn't think that what Mr. Tyler claims is a bug is actually a bug.

I would have to agree with Mr. Tyler, though, that a plug-in programmer should not have access to a user's clear-text password simply by calling a function in the Connect client API.

Most APIs that I have worked with provide the developer with a token that must be passed with each subsequent request, and at no time is it possible to get access to a user's password.
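The token pattern described above, as an added illustration that is not IBM's code and not from Mr. Tyler's post: the host application verifies the password once, keeps only a salted PBKDF2 hash, and hands the plug-in an opaque, time-limited session token. Every plug-in call is authorised by that token, and the host simply has no function that could return the clear-text password. The class and method names (ConnectHost, PluginSession, send_message) and the credentials are constructed for this example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example of a plug-in host that never exposes the password.
# Names and credentials here are assumptions for illustration, not any
# vendor's real API.

PBKDF2_ROUNDS = 100_000


class PluginSession:
    """What a plug-in receives: an opaque token and nothing else."""
    __slots__ = ("token",)

    def __init__(self, token: str):
        self.token = token


class ConnectHost:
    """Owns the credential store and the session table.

    The password is checked once at login and then discarded; only a
    salted PBKDF2 hash is retained, so there is no call a plug-in could
    make that returns the clear-text password.
    """

    def __init__(self):
        self._credentials = {}   # user -> (salt, pbkdf2 hash)
        self._sessions = {}      # token -> (user, expiry timestamp)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register_user(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._credentials[user] = (salt, self._hash(password, salt))

    def login(self, user: str, password: str, ttl: int = 3600) -> PluginSession:
        """Verify the password once and mint a random, time-limited token."""
        record = self._credentials.get(user)
        # Hash even for unknown users so timing does not reveal which names exist.
        salt, stored = record if record else (b"\0" * 16, b"\0" * 32)
        ok = record is not None and hmac.compare_digest(stored, self._hash(password, salt))
        if not ok:
            raise PermissionError("authentication failed")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.time() + ttl)
        return PluginSession(token)

    def _user_for(self, token: str) -> str:
        """Resolve a token to its user, rejecting unknown or expired tokens."""
        entry = self._sessions.get(token)
        if entry is None:
            raise PermissionError("invalid token")
        user, expiry = entry
        if time.time() > expiry:
            del self._sessions[token]
            raise PermissionError("expired token")
        return user

    def send_message(self, session: PluginSession, to: str, text: str) -> dict:
        """A plug-in-facing operation: authorised by token, never by password."""
        sender = self._user_for(session.token)
        return {"from": sender, "to": to, "text": text}

    def logout(self, session: PluginSession) -> None:
        self._sessions.pop(session.token, None)


def demo() -> dict:
    """Log in, send one message through the plug-in API, then log out."""
    host = ConnectHost()
    host.register_user("alice", "correct horse")   # constructed credentials
    session = host.login("alice", "correct horse")
    sent = host.send_message(session, "bob", "hello")
    host.logout(session)
    return sent


if __name__ == "__main__":
    print(demo())
```

The point of the design is in what PluginSession lacks: it carries a random token, the host's session table maps that token back to a user, and a forged, expired or logged-out token is rejected at every call. A plug-in that wants to act on the user's behalf can do so only through the host's own operations, which is exactly the property the post argues for.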

I find it rather interesting that IBM would provide such functionality in an API. The question is what purpose a developer would have for such a function.

There is never any need for a developer to have access to a user's password. Ever!
