Mailing list home
  Find posts   Help

Latest messageRecent messages

In this thread:
 First
 Prev
 See whole thread
By msg id:
 Prev: 23 Oct 2003 0:12
 Next: 23 Oct 2003 14:49

Other threads:
 Prev: Email Delivery Notice
 Next: comparing two URLs

Same author:
 Prev: 10 Oct 2003 19:19
 Next: 23 Oct 2003 13:39

 Random message

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
11-Dec 1:30 UTC
[0.06] 9.025k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Re: reading back checksum/secure

From: rebol-list2:seznam:cz at: 23-Oct-2003 11:46


Hello SunandaDH,

Tuesday, October 21, 2003, 11:30:24 PM, you wrote:

Sac> The other problem is that URLs pass through a host of intervening machines
Sac> downstream of you and your server. So:

Sac> http://www.myserver.com/mycgi.r?username=carlos&password=#{A8C40A306844B07D7B3
Sac> C733C3A9EF479ADAFAC1D}

Sac> will be seen by many machines en route.  To be truly safe, you'd want to make
Sac> sure that
Sac> password=#{A8C40A306844B07D7B3C733C3A9EF479ADAFAC1D}

Sac> only works once -- on the next request it is a different checksum value.
Sac> Otherwise, someone could simply spoof you by copying the value.

so it can work for example like this:

Client -> Server -- wants connect
Server -> Client -- sends session ID (SID)
Client -> Server -- sends SID, checksum/secure join SID "mypass"
Server compares if  (checksum/secure join SID "mypass") is correct.

This is good way how to prevent sending pure passwords thru web. This is
trivial scenario. You can make it more difficult as well but than be
careful to stay able to connect to your app:))

--
Best regards,
 rebOldes -----------------[ http://oldes.multimedia.cz/ ]

1 · 2 · 3 · 4 · 5 ... 8 · 9 · 10 · 11 · [12] · See whole thread