Date: Fri Mar 17 15:41:11 2006
From: eaton.lists at gmail.com (Brian Eaton)
Subject: HTTP AUTH BASIC monowall.

Simon Smith <simon at snosoft.com> wrote:
> My first thought was on how to harden the
> authentication because the basic auth didn't cut it for me. That's what I
> am looking for ideas for.

Here are some things to start with:

Client certificates.
Kerberos.
Two-factor authentication.

Unfortunately with web applications you not only need to worry about
the initial authentication, but how the session is maintained.  If the
session is maintained using cookies, all the strong authentication in
the world won't save you from having that session hijacked.

- Brian
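As an added illustration of the last point in the message above (this is not code from the original thread, from m0n0wall, or from either poster): a minimal in-process model of a server that authenticates once with a client certificate and then tracks the user by a session cookie. The cookie-only variant accepts a replayed cookie from anyone; the variant that binds the session to the client certificate rejects it. The class and function names and the fingerprint values are hypothetical, and it assumes the TLS layer hands the server the client certificate fingerprint on every request.

```python
# Added illustration, not from the original thread: a cookie-based session
# after strong initial authentication, with and without binding the session
# to the credential that established it. All names here are hypothetical.
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Request:
    cookie: Optional[str]          # session cookie as presented by the client, if any
    client_cert_fp: Optional[str]  # fingerprint of the TLS client cert on this connection
                                   # (assumed to be supplied by the TLS layer per request)


class SessionServer:
    """Authenticates once (e.g. via client certificate), then tracks the user by
    a session cookie. bind_to_cert=False is the cookie-only design the message
    warns about; bind_to_cert=True requires every request to arrive on a
    connection presenting the same client certificate that logged in."""

    def __init__(self, bind_to_cert: bool) -> None:
        self.bind_to_cert = bind_to_cert
        self.sessions: Dict[str, Tuple[str, Optional[str]]] = {}

    def login(self, user: str, client_cert_fp: Optional[str]) -> str:
        # Strong authentication has already succeeded by the time we get here;
        # issue an unguessable session id and remember the user and the cert.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, client_cert_fp)
        return sid

    def handle(self, req: Request) -> int:
        """HTTP-style status: 200 ok, 401 no session, 403 session/cert mismatch."""
        if req.cookie is None or req.cookie not in self.sessions:
            return 401
        _user, bound_fp = self.sessions[req.cookie]
        if self.bind_to_cert:
            # Constant-time compare; a stolen cookie presented on a connection
            # without the original client certificate is rejected.
            if (bound_fp is None or req.client_cert_fp is None
                    or not hmac.compare_digest(bound_fp, req.client_cert_fp)):
                return 403
        return 200


def replay_attack(bind_to_cert: bool) -> Tuple[int, int]:
    """Victim logs in with a client cert; attacker obtains the cookie (sniffed,
    or read via a script in the browser) and replays it from a connection that
    has no client certificate. Returns (victim_status, attacker_status)."""
    srv = SessionServer(bind_to_cert=bind_to_cert)
    victim_fp = "sha256:" + "a1" * 32   # constructed fingerprint value
    sid = srv.login("admin", victim_fp)

    victim = srv.handle(Request(cookie=sid, client_cert_fp=victim_fp))
    attacker = srv.handle(Request(cookie=sid, client_cert_fp=None))
    return victim, attacker


if __name__ == "__main__":
    print("cookie only  :", replay_attack(bind_to_cert=False))  # (200, 200): hijacked
    print("bound to cert:", replay_attack(bind_to_cert=True))   # (200, 403)
```

The binding only works for the client-certificate option, because that credential is present on every request; for Kerberos or two-factor logins the session cookie is the only thing identifying the user afterwards, so it has to be protected in transit and in the browser rather than re-verified.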
