Announcement Announcement Module
No announcement yet.
Acegi users or security accreditation Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi users or security accreditation

    I was wondering who some of Acegi's major users (i.e. what companies are using it) are or if Acegi has passed any security accreditations?

  • #2
    Acegi Security is used in a wide variety of applications by a range of companies, including some very large ones. However, understandably many consultants working on those projects aren't able to disclose the companies they work for. I receive emails from peope privately and as such I know it is being used in some interesting places.

    Acegi Security has not been subject to any security evaluations AFAIK, but the sheer volume of people using it would suggest issues have a greater chance of being found + fixed than writing home-grown security code (which unfortunately is still the way most people deal with security in enterprise apps if the Servlet Spec proves insufficient).


    • #3
      I can certainly understand why developers might not want to disclose the fact that they're using Acegi Security in their projects. I suspect the same would be true with us too.

      While reviewing the security infrastructure for our project which is currently a JAAS-based network of code I threw out the idea of using Acegi Security since we're already using Spring. During those discussions management wanted to know what Acegi Security's usage or accreditations it may have. On that note, I don't think JAAS has any security accreditations either so this may be a moot point of comparison.

      But, if anyone would be willing to share how they're using Acegi Security and on what projects privately it would be very helpful.