Tagged Questions

21
votes
9answers
1k views

Why do some people really hate security via client-side?

For instance, lets look at a common login system for a website HTTPS connection is made User submits credentials via POST Server-side code hashes the password and looks if it matches the user name ...
7
votes
1answer
314 views

What possible use does an iFrame have for security?

I'm looking at code for an old login form I'm redesigning. It's a simple table with two input fields for username and password. But just before the end </table> tag there's a blank iFrame which ...
6
votes
3answers
1k views

How can i find what hashing algorithm was used?

One of my clients has asked me to modify the login page that their board members use to access their materials. The problem here is that the person previously responsible for this has left no ...
3
votes
3answers
1k views

What authentication system (OpenID, Facebook, etc) permits Javascript-free and/or Cookie-Free operation?

I'm looking for an authentication system that relies on 3rd parties (ADFS, OpenID, SAML) but doesn't rely on cookies or Javascript... or at least can make them optional. My intent is to gracefully ...
1
vote
2answers
90 views

Should the Keygen element be used to create a certificate for mutual auth TLS? What alternatives are there?

I'm interested in using mutual auth TLS to improve the security of my javascript based webservices . I've looked at the Keygen element and given all its issues, not sure if this can even be used for ...
0
votes
3answers
705 views

Authentication between multiple systems/platforms within the same web application context

Consider the following scenario: Web application is using two separate systems (they can share data/state through DB). First one is used for processing standard web stuff like http requests/responses, ...
-1
votes
4answers
126 views

How secure is this login page? [closed]

Unfortunately I cant link to the page (it internal). But I can describe it! This is a lightspeed systems policy enforcement login page (content filter). The page is http and there is no iframe with ...
-2
votes
1answer
97 views

When logging into a web page what exactly happens when a user types the wrong password?

I have two related questions as to what happens when a user tries to log in to a website If the entered password is wrong what should happen? I have two ideas: Redirect to a page saying "wrong ...