How can we prevent users' SSO credentials from being compromised in a security breach #20

Open
carrollgt91 opened this issue Mar 24, 2020 · 0 comments
Labels
open question security Type: Discussion 🔈 When further discussion and debate is required

Comments

@carrollgt91
Contributor

In the eventuality that a PIS database is compromised, all of the SSO credentials that have been associated with the user accounts would be usable to query any data in the corresponding APIs that the credentials are authorized to access. This would be somewhat mitigated for APIs that restrict requests to come from a given domain, but in the event that the database for a PIS is compromised, the PIS server itself could also be compromised.
