 |
|
|
| View previous topic :: View next topic |
| Author |
Message |
adamski
Joined: 22 Dec 2006
Posts: 1
Location: UK
|
 Posted: Fri Dec 22, 2006 2:14 pm Post subject: Auth - setAdvancedSecurity() |
 |
|
Hi,
Has anyone used this part of the Auth package?
Desc:
"Detection of client ip address change or User-Agent header change if such a change is detected the user will be logged out
Each client request a special unique cookie is given to the client. He must present this cookie on his next request. This cookie changes on every request. If client does not present the valid cookie he will be logged out.
Enables challenge responce for the default login screen of auth. The user password will be hashed with javascript before sent back to the server. Prevents the user password being stolen using password sniffing tools. Password is hashed with a random key so the md5 hash is not subject to brute force password cracking. This will only work for storage containers which support challenge responce password authenthication. Currently only the DB, MDB and MDB2 containers support this for md5 and clear text passwords "
I was interested in the last section. However, when trying to create a default login page for users there seems to be no javascript nor any hint of encryption.
Please could anyone post their experiences with it. Or offer some advice as to how to get the last part working. |
|
| Back to top |
|
 |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
