No - you don't seem to understand. The challenge-response protocol can ask
someone for the RSA key fob number this time, their mother's maiden name the
next time, their employee number the time after that, and nothing on the
fourth occasion. You cannot predict what the extra information requested is
going to be - so you can't provide the extra information in the initial
connection attempt because you don't know which extra information is going
to be needed. That's what provides the security - the unpredictability of
the question, so that it is hard to pre-programme the answer.
Ah but you can know in advance! :) You may not know the actual result
per instance, but you CAN know the decision process you'll need to go
through. Which you can provide as a parameter in the form of a CODE
reference. :) i.e. a callback
But that's a minor point and overall I completely agree with your
general ideas.
Adam K
- Re: DBI v2 - The Plan and How You Can Help Adam Kennedy
-
