Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
2
votes
1answer
748 views
Login system using a persistent cookie
I want to be sure that my code below properly secures the website based on all of the information provided.
Login System Overview
When a user logs in, the following user info is saved to a ...
0
votes
0answers
6 views
Expressjs display specific error messages on signup
I'm using Node + Express + Mongo, my user Schema has three required fields:
username
email
password
I already took care of how the password is handled, but when it comes to username and email, ...
3
votes
0answers
62 views
WebAPI Authentication
Do you see any security issues with this authentication approach or have any suggestions?
WebAPI is REST-based. The user logs in by calling the Authentication Controller and expects a 401 if ...
1
vote
0answers
36 views
PHP login and session establishment
I would like to ask your advice on my simple code to login and registration sessions.
In the User class, login function:
...
2
votes
1answer
51 views
Android login system
I am completely unaware of all the Android features and available libraries.
I just designed a login system to practice it. I have referred to a few books and tutorials.
Layout
I am using relative ...
6
votes
1answer
466 views
Login UI for an Android app
This code starts a new thread for login and reacts according to the JSON result returned by the server.
I think this code has too many conditionals, exception handlers, and nested functions.
...
3
votes
1answer
76 views
Secure Token for use in API calls
My team has developed an API and I've been tasked with creating an authentication layer that allows partners' applications to consume it. To that end, I've created a data store which houses an ...
4
votes
1answer
82 views
PHP secure login script
I was just wondering how secure my code looked and if I'm overlooking any serious mistakes. Any suggestions/critiques are welcome.
This is my relevant login script.
login.php
...
1
vote
0answers
24 views
Simple login script
This is a simple login script using Bcrypt. Is there anything wrong with this code? It works and my page loads O.K, but could this be optimized for better speeds?
...
2
votes
1answer
93 views
Using PHP's password_hash and password_verify for a login function
This is my first time using password_hash and password_verify in PHP. Would this be the correct usage of ...
0
votes
0answers
36 views
Authentication terminology
Below comes a Value Object to represent UserId in an ASP.NET application. It implements Value Identity, so equality is defined by matching of the state calculated at ...
2
votes
0answers
35 views
Function to prevent sign-in form from being spammed
I have written a function that I want to protect from spam bots. I have used two techniques, the first being filter after submit. After reading around I obtained the ...
6
votes
2answers
96 views
User registration and login program
I've recently started learning C++ so I'm new to all of it. I've got my fourth "software" under development. Could someone have a look through and give me some constructive criticism on what should I ...
1
vote
1answer
92 views
PHP Login script getting bypassed allowing access to my admin pages
I have a site where a friendly hacker says they have accessed my admin area. I am not able to see how this is possible so any help would be greatly appreciated. I am using PDO prepared statements to ...
4
votes
2answers
79 views
“Remember me” automatic login
I've implemented a "remember me" automatic login if no session has been set, but a remember me cookie is on their computer. I'm concerned about security and I'm not the best. I'm relatively new to OOP ...
2
votes
2answers
73 views
Validating user credentials and logging into a Symfony site
I have the following code in a Symfony site that validates a user's credentials and logs them in via the Session class:
...
1
vote
1answer
54 views
Create “refresh token” action filter
I am using identity server 3 authentication.
I have to implement refresh token logic.
AccessTokenLifetime is 1 hour, and after that time I want to update access token with refresh token.
I want do ...
3
votes
0answers
34 views
Rbac Principal with Binding support
I've been maintaining a Rbac helper for some time now. My goal is to provide an easy way to tell the following:
When does a user have a role
What can a user do ...
3
votes
0answers
41 views
Ajax login response [closed]
I want to create an Ajax-Login, but I'm not sure if my solution is generally correct. I want to do everything correct, so I need someone who checks this code and gives me some improvement hints.
...
2
votes
1answer
85 views
Creating a portable encrypted credential store
There have been a few questions over on SO recently about securely storing credentials in PowerShell scripts. Because ConvertFrom-SecureString uses DPAPI it makes ...
3
votes
2answers
89 views
First user login function: Security and efficiency opinions
I am writing an application for work. This application will sit on a closed network but I still have to be concerned about security. There will be a maximum of three types of user for this ...
7
votes
2answers
173 views
Secure custom password hashing
My team and I have ended up creating this class, which is called directly from ASP.NET Identity as a custom password hasher. I'd like to know whether this would be "overkill"/use a lot of CPU, ...
5
votes
1answer
97 views
login_required decorator in Flask
I have 2 Flask apps (different projects) that work together. One implements some API which uses tokens for auth. The second one consumes the API and makes a web interface for it. Now I have a login ...
3
votes
1answer
54 views
Authentication program in Swing
It is a simple program which allows you to input a username and password. If the username/password is equal to the String it launches a JOptionPane that says ...
2
votes
0answers
82 views
Safe implementation for extending authentication cookie with user data
After searching around and reading through articles and answers I came up with this implementation for extending the cookie of Forms Authentication. But I am not 100% sure that I did not introduce any ...
1
vote
1answer
68 views
CakePHP login action returning json
I have some questions on how I can improve this "add action" (method) in "controller":
I'm using the add action only if post request. Is it correct?
This ...
0
votes
1answer
79 views
Password encrypt & check
When a user registers (creates a new account), I want to encrypt password before storing in a database, and when a user logs on (with username & password) I want to check password. I did it in the ...
6
votes
1answer
145 views
Ensuring non-expired token before every request
I'm developing an iOS application where data is fetched from a third-party REST API. Each request must contain an authorization token.
In order to implement this, I've written a ...
1
vote
0answers
880 views
JWT - Simple API example
I have created this fake API just because I want to learn how to use JWT. It is a simple unsigned token exchange with two methods call: login and adminPassword.
I've used ...
2
votes
1answer
66 views
Security of login form using prepared statements
I've prepared a simple login form, using prepared statements to prevent SQL injections. How secure is this?
...
1
vote
1answer
140 views
Simple login and authentication app
For school I had to do a real simple login and authentication system on an Android app, and I'm wondering how my code can be optimised to reduce code duplication and how it can be made more object ...
4
votes
1answer
2k views
Simple login system using Python Flask and MySQL
I've made a login page using Python Flask which works with MySQL. I started learning Flask 2 days ago and it was fun, so I came up with this:
...
1
vote
1answer
145 views
Another PHP login handler
I wrote this class to handle login sessions for a framework I'm writing for educational purposes.
My major areas of concern:
Style
I know my style is a little contrary to most coding conventions. ...
-2
votes
2answers
61 views
Authentication check in index.php file
I am aware that this code is vulnerable to SQL injections, but I don't know how to avoid it.
...
7
votes
2answers
399 views
PHP login based on a password parameter
I'm learning PHP now, and I'm trying to find out whether or not the following code structure has any faults:
...
-1
votes
1answer
32 views
Backbone view for logging a user in
I'm looking for a general peer review on already working code. Just the overall structure and of course any gotchas like DRYness or logic issues.
...
2
votes
1answer
34 views
Authentication and session creation
My session controller has a method for creating a new user session. According to Rubocop's output, the 'Assignment Branch Condition' metric is too high [15.17/15].
...
1
vote
2answers
52 views
Securing a web service without relying on native authentication schemes
Due to various business and technical circumstances, I have to create an internet-facing .NET 4.5 WCF web service which should be called only by a certain party while not using native authentication ...
6
votes
1answer
73 views
This LoginPane is a Pain
Well, it really isn't a big pain: but I fear security risks (if that is even possible).
Background:
I decided to (sort of) abandon my Sudoku project (because I accidentally deleted it from disk), ...
6
votes
1answer
47 views
Login validator class
I'm trying to learn more about object oriented programming and I have a few questions about the class below.
I'm working in Visual Basic.NET
My questions are
Is there a better place / way to show ...
3
votes
1answer
131 views
Simple SSH bruteforcer in Ruby
I'm pretty new to Ruby, and working in the IT security field, I thought to make something useful to my work while I learn the language (even though I'm reinventing the wheel).
The script is working ...
4
votes
1answer
123 views
Login Authentication & Sign Up
This is a Login Authentication / Sign-up Models for my class project in PHP. I would really appreciate criticisms and any suggestions to improve security, code quality, etc.
Hashing.php
...
0
votes
1answer
59 views
Basic sign-up method, testable and with try/catch [closed]
I am learning how to implement testing and try/catch statements into my code. I have a Laravel application with the following ...
3
votes
1answer
90 views
PHP password encryption algorithm
I've written a password encryption algorithm in PHP, which (I think) is not very vulnerable to rainbow table attacks. It's just that I don't have a lot of experience with encryptions, nor PHP. But from ...
3
votes
1answer
158 views
Basic login script for educational purposes
I have created a login script to demonstrate the usage of sessions in PHP. The focus is not on security, databases or encryption. The idea is to exemplify how you can use sessions to protect pages ...
6
votes
2answers
123 views
Password recovery program
This is a password recovery program I made, and I just want it checked out.
These aren't all the files for the login and register system, only the password recovery part. The columns in the ...
2
votes
2answers
339 views
Sharepoint Authentication Helpers
I'm working on a rather large SharePoint project that's going to contain helper classes for a variety of item levels (sites, webs, lists, items, etc.).
When writing code I'm expecting that the same ...
1
vote
1answer
95 views
Parse.com simple query: login and display account balance
I was recently at a hackathon and saw quite a few people using Parse, so I decided to check it out and read some guides online. Can someone take a look at my code? I followed Parse documentation so it ...
4
votes
1answer
109 views
Simple administrator authentication page in PHP
I made a simple administrator page lock in PHP and I was wondering how secure it was. I want to use this script to secure administrator pages for my portfolio site but I want it to be fairly secure.
...