Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall.


From: Simon Smith <simon () snosoft com>
Date: Fri, 17 Mar 2006 12:43:54 -0500

Brian,
    I fully agree, and thanks for the references. My next step after I'd
found a good solution was going to be focusing on the session security.
Thanks for the input/help, man. I appreciate it!

Brian Eaton wrote:

Simon Smith simon at snosoft.com wrote:

My first thought was on how to harden the
authentication because the basic auth didn't cut it for me. That's what I
am looking for ideas for.

Here are some things to start with:

Client certificates.
Kerberos.
Two-factor authentication.

Unfortunately with web applications you not only need to worry about
the initial authentication, but how the session is maintained.  If the
session is maintained using cookies, all the strong authentication in
the world won't save you from having that session hijacked.

- Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
  


-- 
Regards, 
        Jackass
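Brian's point about cookie-maintained sessions is the part that outlives whichever authentication method gets picked. What follows is an added example, not code from m0n0wall or from either poster, showing the session-handling controls a defender would pair with strong authentication: unguessable identifiers from the OS CSPRNG, a fresh identifier issued at login so an identifier seen before login is worthless afterwards, idle and absolute timeouts, and cookie attributes that keep the identifier off plaintext HTTP and away from script. The in-memory store, the timeout values, the fake clock, and all function names are assumptions made for illustration.

```python
"""Session-cookie handling that limits the impact of a hijacked session.

Added example for this thread; not m0n0wall code and not either poster's.
The store, timeouts and names below are assumptions for illustration.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before a session dies (assumed)
ABSOLUTE_TIMEOUT = 8 * 3600   # hard lifetime regardless of activity (assumed)
COOKIE_NAME = "session"       # assumed cookie name


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    authenticated: bool = False


class SessionStore:
    """Server-side session table keyed by random identifier."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        # 256 bits from the OS CSPRNG: cannot be guessed or enumerated,
        # unlike sequential or time-derived identifiers.
        return secrets.token_urlsafe(32)

    def create(self, user: str = "", authenticated: bool = False) -> str:
        now = self._clock()
        sid = self._new_id()
        self._sessions[sid] = Session(user, now, now, authenticated)
        return sid

    def login(self, old_sid: Optional[str], user: str) -> str:
        """Call after the strong authentication step (certificate, Kerberos,
        second factor) has succeeded. The pre-login identifier is discarded and
        a new one issued, so an identifier captured or planted before login
        cannot be used afterwards."""
        if old_sid is not None:
            self._sessions.pop(old_sid, None)
        return self.create(user, authenticated=True)

    def lookup(self, sid: Optional[str]) -> Optional[Session]:
        """Return the live session for sid, or None if unknown or expired.
        Expired sessions are deleted on sight rather than left to linger."""
        if not sid:
            return None
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        now = self._clock()
        if (now - sess.created > ABSOLUTE_TIMEOUT
                or now - sess.last_seen > IDLE_TIMEOUT):
            del self._sessions[sid]
            return None
        sess.last_seen = now
        return sess

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str, max_age: int = ABSOLUTE_TIMEOUT) -> str:
    """Build the Set-Cookie value. Secure keeps the identifier off plaintext
    HTTP, HttpOnly keeps it out of reach of page script, SameSite=Strict stops
    the browser attaching it to cross-site requests, Max-Age bounds its life."""
    return (f"{COOKIE_NAME}={sid}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Minimal parser for a Cookie: request header (name=value; name=value)."""
    out: Dict[str, str] = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            out[name] = value
    return out


def authorize(store: SessionStore, cookie_header: str) -> str:
    """Decide a request: 'ok:<user>' for a live authenticated session,
    otherwise 'reauth' (the caller should redirect to the login step)."""
    sid = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    sess = store.lookup(sid)
    if sess is None or not sess.authenticated:
        return "reauth"
    return f"ok:{sess.user}"


class FakeClock:
    """Deterministic clock so timeouts can be exercised without sleeping."""

    def __init__(self, t: float = 1_000_000.0):
        self.t = t

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds
```

Usage follows the login flow: create an anonymous session on first contact, call `login()` once the strong authentication step passes, send `set_cookie_header()` with the returned identifier, and run `authorize()` on every subsequent request. The rotation in `login()` and the two timeouts are what bound the window a stolen identifier stays useful; the cookie attributes are what make stealing it harder in the first place.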

