display | more...
In computer security, the principle that access to one system grants access to another, without need to authenticate to the second system. Transitive trust is usually the bane of security in any design.

Most client-server models that use client authentication fall prey to transitive trust. The user authenticates themself to the application on their desktop, which requests data from the server. The server trusts the client-side application; gaining control of the client application also gives one control of the server.

The key feature of transitive trust is that it is blind to an endpoint - it trusts a middlepoint, which is trusting something further down the line.

Log in or register to write something here or to contact authors.