keeping password just in cookies, not in servers.
Hi,
Suppose a site doesn't store passwords on its server.
When the user creates a new account, his password is hashed together with his username and stored in a cookie inside his Web browser. When he comes to the site again and types in his username and password, the server hashes them, pulls the cookie from the user’s browser and checks if the computed hash is equal to the hash stored in the cookie. If they match, access is granted.
Can another person log into his account just by knowing the username, i.e. the victim's computer is offline and inaccessible (cannot be eavesdropped)?
#2 Oct 23rd, 2009
Probably not except by brute force. This is a bad idea though since when the user loses their cookies they will no longer be able to log in. It is just a matter of time before they lose their browser settings.
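
A model of the scheme described in the question, next to a server-held verifier, to show what the cookie comparison can and cannot establish. This is an added example, not part of the thread; the SHA-256 construction over `username:password`, the PBKDF2 parameters, and every name and sample value are assumptions.

```python
import hashlib
import hmac
import os

def cookie_hash(username, password):
    """Value the question's scheme keeps in the browser cookie (SHA-256 assumed)."""
    return hashlib.sha256(f"{username}:{password}".encode()).hexdigest()

def cookie_only_login(username, password, cookie):
    """Server check from the question: recompute the hash, compare to the client's cookie."""
    if cookie is None:  # cookie cleared, or a different browser
        return False
    return hmac.compare_digest(cookie_hash(username, password), cookie)

class ServerSideVerifier:
    """Conventional design for comparison: salted PBKDF2 hash stored by the server."""
    def __init__(self):
        self._records = {}
    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def register(self, username, password):
        salt = os.urandom(16)
        self._records[username] = (salt, self._derive(password, salt))
    def login(self, username, password):
        record = self._records.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._derive(password, salt))

def compare_designs():
    """Run both designs on constructed sample values and return the outcomes."""
    user, real_pw, other_pw = "alice", "correct horse", "not-her-password"
    server = ServerSideVerifier()
    server.register(user, real_pw)
    return {
        # Owner's browser still holding the original cookie.
        "cookie_owner": cookie_only_login(user, real_pw, cookie_hash(user, real_pw)),
        # Owner after the cookie is gone (the point made in reply #2).
        "cookie_lost": cookie_only_login(user, real_pw, None),
        # Password and cookie both come from the same client, so the check
        # only proves they agree with each other, not with the registration.
        "cookie_self_consistent": cookie_only_login(user, other_pw, cookie_hash(user, other_pw)),
        # Server-held verifier: only the registered password matches.
        "server_real_pw": server.login(user, real_pw),
        "server_other_pw": server.login(user, other_pw),
    }
```

Both values compared by `cookie_only_login` arrive from the browser, so the server needs a verifier of its own, as in `ServerSideVerifier`, for the comparison to be tied to the password chosen at registration.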