notes/remove_securex_tg_login_button.org
parent
1afc9dd8f3
commit
975ff20fb8
1 changed files with 9 additions and 5 deletions
|
@ -16,14 +16,18 @@ Using this solution we could link the accounts using the email address.
|
|||
If Threatgrid ensure that every login has a verified email, SecureX could
|
||||
remove a flag, and the Threatgrid user could login into SecureX in the TG
|
||||
created org by using the same email.
|
||||
The only change in SecureX will be to change a configuration flag.
|
||||
The only change to be done in SecureX will be to change a configuration flag.
|
||||
|
||||
*Why?*
|
||||
|
||||
If TG does not verify the emails and we enable the flag, it would be
|
||||
possible for a TG user to trick another user with another email into their
|
||||
own SecureX account.
|
||||
|
||||
If TG does not verify the emails it makes possible for a TG user to trick another
|
||||
user with another email into their own SecureX account.
|
||||
Example:
|
||||
|
||||
1. User1 in Threatgrid, change its email address in TG to `chuck@cisco.com`
|
||||
2. User1 create a new SecureX account (SecureX save `chuck@cisco.com` for his email)
|
||||
1. User1 in Threatgrid, change its email address in TG to =chuck@cisco.com=
|
||||
2. User1 create a new SecureX account (SecureX save =chuck@cisco.com= for his email)
|
||||
3. The real Chuck login via SXSO, and is automatically logged in into the
|
||||
User1 account.
|
||||
|
||||
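Review bot: The flag is described three different ways in this hunk: the context line says SecureX "could remove a flag", the reworded sentence says "change a configuration flag", and the paragraph under *Why?* says "enable the flag". Name the flag once and state which value is the safe one, so a reader can tell which setting allows linking accounts by email address. The example should also say that step 3 only works when the flag is in that permissive state and TG has not verified the address. Finally, the note should state outright that the flag must stay in the safe state until Threatgrid guarantees a verified email for every login.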
|
|