Old 18-10-09, 19:31   # 14
intercooler3819
Veteran member
Join date: Jul 2008
Posts: 1,056

Hmm, this problem has already been solved...
Large systems have been using token authentication for years
http://www.w3.org/2001/sw/Europe/eve...uthentication/

What's in the link is a classic example, especially this paragraph:
The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource - without using their username and password. Once their token has been obtained, the user can offer the token - which offers access to a specific resource for a time period - to the remote site. Using some form of authentication: a header, GET or POST request, or a cookie of some kind, the site can then determine what level of access the request in question should be afforded.
The type of changes this type of authentication requires is obviously dependent on the current implementation of your site. Example code I might be able to write in Perl or PHP would not only be language and implementation specific, it would also be application specific. However, some general principles should be considered in both the creation of a process to obtain tokens and the process of using them. Simplicity for users, robustness for interoperability, and protection of user data are all important for your application, and each can fall by the wayside in attempting to design a system which fits user expectations.
__________________
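
The flow described in the quoted paragraph, as an added example that is not part of the original post or the linked page: credentials are exchanged once for a token tied to one resource and a time period, and the site later checks only the token. The HMAC-SHA256 token format and the names `SERVER_KEY`, `USERS`, `issue_token` and `check_token` are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"   # assumption: secret known only to the site
USERS = {"alice": "correct horse"}     # constructed demo store; real sites keep password hashes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())

def issue_token(username, password, resource, ttl=300, now=None):
    """Exchange username/password once for a token scoped to one resource."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    claims = {"sub": username, "res": resource, "exp": int(now) + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload)

def check_token(token, resource, now=None):
    """Return the username if the token is authentic, unexpired and issued
    for this resource; otherwise None. No password is involved here."""
    try:
        body, sig = token.split(".")
        payload = _unb64(body)
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None
        claims = json.loads(payload)
    except (ValueError, AttributeError):
        return None  # malformed token: wrong shape, bad base64, bad JSON
    now = time.time() if now is None else now
    if claims.get("res") != resource or now >= claims.get("exp", 0):
        return None  # wrong resource or past the allowed time period
    return claims.get("sub")
```

The token can travel in a header, a GET or POST parameter, or a cookie, as the quoted text lists; the check is the same in each case.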