Subject: | Not the most secure way of doing... |
Summary: | Package rating comment |
Messages: | 5 |
Author: | troy knapp |
Date: | 2011-02-01 20:31:17 |
Update: | 2011-02-02 13:05:01 |
|
|
|
troy knapp rated this package as follows:
Utility: | Good |
Consistency: | Sufficient |
Examples: | Good |
|
troy knapp - 2011-02-01 20:31:17
Not the most secure way of doing things possible, but provides an easy to implement, and easy to hack solution to get provide a limited amount of security.
Masees Skenderian - 2011-02-02 03:33:22 - In reply to message 1 from troy knapp
Why is this not the most secure way?
troy knapp - 2011-02-02 03:38:56 - In reply to message 2 from Masees Skenderian
SSL is a better solution, but costs $$$. Even if you can reliably confirm the identity of your client on the other end of the connection, you are still vulnerable to packet sniffing etc.
Masees Skenderian - 2011-02-02 10:01:12 - In reply to message 3 from troy knapp
Ohhh i totally agree, i thought you meant there is something wrong with the coding.
troy knapp - 2011-02-02 13:05:01 - In reply to message 4 from Masees Skenderian
No, nothing wrong with the coding. By saying it was easy to hack, I MEANT to say that the code was simple and you could change it easily for your own purposes and incorporate it into a larger security solution.
This script could be beat by an attacker that can spoof their IP address, and knows how to use cURL. It would probably be fine for a message board, for example, but I'd implement a deeper solution for more critical info.
|