Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

G

Topics created by george_4088

G

MFA on Integrated Auth
Support • 22 Nov 2024, 07:00 • george_4088 22 Nov 2024, 12:18

4

0
Votes

4
Posts

8
Views

22 Nov 2024, 12:18

Hi @george_4088, That is correct, but a brute-force attack wouldn't succeed unless an administrator used something silly like admin for their username and password for their password. You could just as easily integrate with an LDAP/Active Directory server, which will add timeouts and account lockouts to make it impossible to "crack" in our lifetime. SAML is fine too. My point is that it's like 1000 times more likely that the API Key used to publish those Chocolatey packages would be exposed in logs, configuration files, etc. That's the attack surface you want to be careful of. Cheers, Alana

Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation