AnsweredAssumed Answered

Queries related security Siteminder ?

Question asked by ramveer on Sep 17, 2017
Latest reply on Sep 22, 2017 by Hubert Dennis

Hello Experts,


Can you help me to understand the below queries?


What is the purpose of CrytoProvider in Siteminder?


In a form based auth scheme, where the posting happens to login.fcc, can the credentials captured by middle man attack? I am trying to understand, in a client machine, how securely the credentials can be posted to login.fcc? I am aware that the SSL/TLS connection is there and Men-in-middle attack can be prevented. But on the client side "form posting" , can the credentials captured? 


How effectively Siteminder can be used to secure web applications? I am aware of CSS checks, Bad chars related checks are there. Can we list out the list of ACO parameters supports in enhancing web app security?