Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
1 reply
Subscribers
9 subscribers
Views
1133 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
General
our IT Security team is asking us about how Appian is using Session Tokens. Cou
timothyo
over 9 years ago
our IT Security team is asking us about how Appian is using Session Tokens. Could you please help me to address some of there questions?
Is the session token use unique, non-predictable and resistant to reverse engineering?
Does the session token contain only session related information?
Does the session token become invalid after clicking the logout button? Users must re-authenticate and are issued a new session token when logging on again.
Does the application have a large session token to be less vulnerable to brute force attacks? [Note: At the time of this writing 128-bit token space is sufficient to defeat brute force attack. As processing power and available bandwidth increases the required size shall increase as well. ]
OriginalPostID-185664
OriginalPostID-185664
Discussion posts and replies are publicly visible
Parents
0
Eduardo Fuentes
Appian Employee
over 9 years ago
The only publicly available information about authentication is:
forum.appian.com/.../Authentication.html
other useful information at
forum.appian.com/.../Hardening_Appian.html
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Reply
0
Eduardo Fuentes
Appian Employee
over 9 years ago
The only publicly available information about authentication is:
forum.appian.com/.../Authentication.html
other useful information at
forum.appian.com/.../Hardening_Appian.html
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Children
No Data