One of the reasons we chose to go to level 3 was the ldap integration
module. It now appears to create a highly insecure environment: unlike
level 2, where login information was MD5 encrypted, level 3 + ldap simply
does a base64 encoding.
Other than running blackboard entirely in ssl, does anyone know of a
sensible solution to this security problem?
Herta
P.S. Of course Blackboard are willing to develop a solution, if we'd care to
pay for it.
|