| Subject: | Not the most secure way of doing... |
|---|---|
| Summary: | Package rating comment |
| Messages: | 5 |
| Author: | troy knapp |
| Date: | 2011-02-01 20:31:17 |
| Update: | 2011-02-02 13:05:01 |

troy knapp rated this package as follows:
| Utility: | Good |
|---|---|
| Consistency: | Sufficient |
| Examples: | Good |

troy knapp - 2011-02-01 20:31:17
Not the most secure way of doing things possible, but provides an easy to implement, and easy to hack solution to provide a limited amount of security.

Masees Skenderian - 2011-02-02 03:33:22 - In reply to message 1 from troy knapp
Why is this not the most secure way?

troy knapp - 2011-02-02 03:38:56 - In reply to message 2 from Masees Skenderian
SSL is a better solution, but costs $$$. Even if you can reliably confirm the identity of your client on the other end of the connection, you are still vulnerable to packet sniffing etc.

Masees Skenderian - 2011-02-02 10:01:12 - In reply to message 3 from troy knapp
Ohhh I totally agree, I thought you meant there is something wrong with the coding.

troy knapp - 2011-02-02 13:05:01 - In reply to message 4 from Masees Skenderian
No, nothing wrong with the coding. By saying it was easy to hack, I MEANT to say that the code was simple and you could change it easily for your own purposes and incorporate it into a larger security solution.

This script could be beaten by an attacker that can spoof their IP address, and knows how to use cURL. It would probably be fine for a message board, for example, but I'd implement a deeper solution for more critical info.