Authentication - establishing the authenticity of a person or other entity. Not to be confused with authorization - defining access rights to resources.


2
votes
2 answers
40 views

How good is validating source with request.referer than checksum?

I have 2 portals (both are under my control & domain names are different). In 1st portal, there is a link on click of which User can directly get logged into 2nd portal. Link which will be hit in ...
98
votes
7 answers
16k views

CTRL+ALT+DEL Login - Rationale behind it?

Maybe a rather noobish question: Why is CTRL+ALT+DEL required at login on Windows systems (I have not seen it elsewhere, but contradict me if I'm wrong) before the password can be typed in? From a ...
3
votes
1 answer
66 views

Are there any uses of having a non-deterministic salt value for hashes?

So I've been toying with the idea of having non-deterministic salt values for hashes. Let me explain what I mean: Basically, I applied some properties from Bitcoin including a "difficulty" (ie, ...
7
votes
1 answer
106 views

Configure SSL Mutual (Two-way) Authentication

A lot of tutorials, a lot of pages, a lot of questions, and they differ in implementation of this issue "Configure SSL Mutual (Two-way) Authentication". I have to do it with Linux, and I don't know from ...
2
votes
4 answers
155 views

Is it safe to allow users multiple login at different browsers & computers?

We are currently developing a web application. The developers have allowed multiple login, e.g. a user can log in to multiple computers at the same time. They are quoting Gmail account as an example ...
6
votes
4 answers
156 views

Candidate authentication in large scale assessment

First of all, I'd like to apologize beforehand if the questions I am about to ask are not really suitable for this site. I could not think of any other category to post under. Right, here goes. We're ...
2
votes
1 answer
49 views

Authenticating a ciphertext

What can be considered as a downside of authenticating a ciphertext? For example, can we say drawback of authenticating a ciphertext is that we lose repudiation, for example, we can't prove to the ...
3
votes
2 answers
113 views

Are there any serious problems with this method for generating single-use tokens?

I need your advice on the security of this design. I have a scenario whereby a server application and a smart card application need to share a value e.g. 52, which has been encoded in a long decimal ...
1
vote
1 answer
44 views

What manufacturers create OATH HOTP cards now that InCard Technologies is no longer in business?

I purchased the following OAUTH HOTP card from Verisign. I'm intrigued by the security possibilities that this form factor provides and what customizations to the circuit logic are possible. On ...
4
votes
2 answers
68 views

How Secure are Authenticity Tokens in Rails

I came across a website which uses Rails Authenticity token to prevent CSRF attacks. My concern here is that I can see the authenticity token in the source code of the web page. If any other service ...
0
votes
1 answer
101 views

Facebook Login for Intranet

How safe is Facebook Login? I'm currently building an intranet, for my small company. We're 10 employees, and no risk of them messing up from inside. But is using Facebook Login safe for this? How ...
6
votes
3 answers
352 views

Is there any SQL injection for this PHP login example?

I want to write a login form, and I got one example from the web. I want to know, if there is any SQL injection for this code? If there is, what could the exploit's web form entry look like? This is ...
1
vote
0 answers
72 views

Two-way authentication with google authentication app [migrated]

Can someone guide me on what I've done wrong with implementing Google authentication app? Here is what I've tried without success: 1# Create secret key $chars = ...
2
votes
2 answers
177 views

If someone steals my laptop while I'm logged in, how can I protect my browser?

My question has its roots in an xkcd from this week: http://xkcd.com/1200/ Isn't this true and ironic? We place so much emphasis on browser security and OS security -- and rightly so -- yet if I ...
2
votes
0 answers
42 views

How do I make or get computer certificates to use with IPSEC user authentication?

I am having trouble and need some direction using computer certificates with Windows 7 firewall IP Security rules, using certificates only for user authentication. I can get everything to work ...
