Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Web Form Logins suggestions
Posted by: ficti0n
Date: June 17, 2008 03:18PM

I was wondering if anyone in here could suggest some open source session management login products that might be of use to a small web application... Preferably to a flat file rather than a database to limit ability to SQL inject.... Since there are only like 2 users I have no need for a large database on the login portion.

thanks....

Re: Web Form Logins suggestions
Posted by: thrill
Date: June 17, 2008 04:07PM

I suggest .htaccess.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Web Form Logins suggestions
Posted by: DoctorDan
Date: June 17, 2008 05:13PM

Seconded

Re: Web Form Logins suggestions
Posted by: id
Date: June 17, 2008 06:36PM

I suggest you do all authentication client side using javascript and give me the URL.

-id

Re: Web Form Logins suggestions
Posted by: Matt Presson
Date: June 18, 2008 08:15AM

lol @ id.

Re: Web Form Logins suggestions
Posted by: ficti0n
Date: June 18, 2008 01:05PM

Yea those are some awesome suggestions thanks.... lol

Re: Web Form Logins suggestions
Posted by: sirdarckcat
Date: June 20, 2008 12:48AM

I suggest using md5() because that makes it 1000s of times more secure ;)
<?php
   if(md5($_POST['password'])==md5("grannypr0n")){
       header("Location: admin.php");
   }
?>
<form method=post>
Password: <input type=password value=password>
<input type=submit>
</form>

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: Web Form Logins suggestions
Date: June 20, 2008 09:16AM

sirdarckcat, using the .htaccess for authorization will cause a 401 error to occur if the user does not provide the correct credentials, which effectively cuts them off from attempting to access any other resources in the given path (i.e. /members/, /members/page1.php, et cetera). In the example you have given, without any further code, the website becomes vulnerable to predictable resource locations.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Web Form Logins suggestions
Posted by: thrill
Date: June 20, 2008 11:54AM

@AnDrEw - I think he was taking what id said and ran with it... what difference does it make if you use md5 or any other algorithm to encrypt the plain text password on the client side.. heh..

Very funny, sdc!!

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Web Form Logins suggestions
Posted by: sirdarckcat
Date: June 20, 2008 07:57PM

Hi

Well, my post was a joke.. (we are in the OMG Ponies forum..) I tried to do a php-auth-code that was wrong in a lot of ways.

First: using md5($_POST['password'])==md5("grannypr0n") is stupid
Second: doing header("Location: admin.php"); is as stupid as doing everything client-side.

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat
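
An added example, not code from any poster in this thread: one way to address the two flaws sirdarckcat lists above and the predictable-resource problem AnDrEw raised earlier, using a flat-file user store as ficti0n asked. The file names, the users.php path and the session key are assumptions made for the example.

```php
<?php
// auth.php: added example, not code from the thread.
// Assumptions: PHP 7.3+, the site is served over HTTPS, and users.php sits
// outside the web root and returns ['name' => password_hash() output, ...].
declare(strict_types=1);

const USER_FILE = __DIR__ . '/../private/users.php'; // hypothetical path

function start_session(): void
{
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
}

// Replaces md5(...) == md5(...): salted, slow hash checked by password_verify().
function attempt_login(string $user, string $password): bool
{
    $users = require USER_FILE;
    $hash = $users[$user] ?? null;
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID once authenticated
    $_SESSION['user'] = $user;
    return true;
}

// Call at the top of admin.php and every other protected page, so that
// requesting the URL directly is refused instead of trusting the redirect.
function require_login(): void
{
    if (empty($_SESSION['user'])) {
        header('Location: login.php', true, 303);
        exit;                      // stop here, or the page body is still sent
    }
}

// login.php:  require 'auth.php'; start_session();
//   if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//       $u = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
//       $p = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
//       if (attempt_login($u, $p)) { header('Location: admin.php', true, 303); exit; }
//   }
// admin.php:  require 'auth.php'; start_session(); require_login();
```

Generate each stored value once with password_hash($password, PASSWORD_DEFAULT) and paste the result into users.php.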

Re: Web Form Logins suggestions
Date: June 21, 2008 07:24PM

I didn't even notice we were in the OMG Ponies area, but that could be because of the question which was asked (though I tend to post serious questions in this forum as well since it is probably one of the most active boards).


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Web Form Logins suggestions
Posted by: ficti0n
Date: July 02, 2008 04:46PM

ahhhh well since I am getting no good suggestions in here other than jokes.. anyone got a good place to ask the question for real... I just figured a web security forum would be a good place...

Re: Web Form Logins suggestions
Posted by: id
Date: July 02, 2008 05:47PM

htaccess/htpasswd are good suggestions, if there are only two of you why not?

-id

Re: Web Form Logins suggestions
Posted by: thrill
Date: July 02, 2008 06:20PM

Don't build a bridge to cross a puddle.

For 2 people, building an authentication method using a database and encryption == bridge for puddle approach.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Web Form Logins suggestions
Posted by: rsnake
Date: July 13, 2008 07:21PM

@ficti0n - you are posting in the wrong sub-section of the forum. The other parts of the forum are more serious. But to answer your question (seriously) I haven't found any authentication system that's even vaguely good against most real world attacks, let alone open source. Almost all of them are ridiculously vulnerable to either brute force attacks or denial of service if they try to protect against the brute force attack. Auth is a very complex subject.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Web Form Logins suggestions
Posted by: Luny
Date: September 21, 2008 04:54AM

I suggest using frontpage

---------------
Digital footprints suck. Learn to walk on your hands.
http://www.youfucktard.com
