Brian,
I fully agree and thanks for the references. My next step after I'd
found a good solution was going to be focusing in the session security.
Thanks for the input/help man. I appreciate it!
Brian Eaton wrote:
> Simon Smith simon at snosoft.com wrote
>
>> My first thought was on how to harden the
>> authentication because the basic auth didn't cut it for me. Thats what I
>> am looking for ideas for.
>>
>
> Here are some things to start with:
>
> Client certificates.
> Kerberos.
> Two-factor authentication.
>
> Unfortunately with web applications you not only need to worry about
> the initial authentication, but how the session is maintained. If the
> session is maintained using cookies, all the strong authentication in
> the world won't save you from having that session hijacked.
>
> - Brian
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Regards,
Jackass
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
