RMS portal authentication

Created by Dong Chen (Bowling Green State University) on November 15, 2008

If you use RMS (Residential Management Systems) software, then be aware that their portal authentication isn't secure. The portal authentication employs javascript functions to encode/decode user credentials. That can be easily defeated. We talked to RMS, and they admitted that is possible, but they don't have any other ways to do it. So we came up our custom portal authentication method. I heard RMS plans to improve their authentication next year. Hopefully, they will implement more robust authentication method.

This wasn't an issue because I think most universities use it standalone. You can tie it using LDAP/Active Directory nicely. But when you integrate with portal and single sign-on, that is where security concern came.

dchen's blog
Login or register to post comments
202 reads

		RMS portal authentication Created by Dong Chen (Bowling Green State University) on November 15, 2008 If you use RMS (Residential Management Systems) software, then be aware that their portal authentication isn't secure. The portal authentication employs javascript functions to encode/decode user credentials. That can be easily defeated. We talked to RMS, and they admitted that is possible, but they don't have any other ways to do it. So we came up our custom portal authentication method. I heard RMS plans to improve their authentication next year. Hopefully, they will implement more robust authentication method. This wasn't an issue because I think most universities use it standalone. You can tie it using LDAP/Active Directory nicely. But when you integrate with portal and single sign-on, that is where security concern came. Information Systems and Services \| Portals \| Single Sign On dchen's blog Login or register to post comments 202 reads
		© Copyright 1999-2009 EDUCAUSE Need Help? \| Feedback \| Privacy Policy
	Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.