How secure is this authentication model?

I have a user area, 'member center', that shows the customer's subscriptions and the memberships they have with the company. This lives at secure.example1.com.

I have another site, the actual membership site, at www.example2.com. (Each site is on a different domain, but on the same dedicated server.)

I want to provide an easy login to the membership site, but without including the user's username and password in the link.

So I've come up with this:

When the user clicks the 'login' link to the membership site, I generate an MD5 hash of userid + unix timestamp, and add it to a database table along with the userid and timestamp.

I then redirect the user to the login script on example2.com with the hash in the URL.

The login script on example2 takes the hash and looks it up in the table. If the hash is present, I fetch the username and password from the database using the userid stored with the hash, pass them to the site's pre-existing login function, and the user is logged in.

When the hash login script runs, it first deletes any rows older than 5 minutes, then checks the hash value that was passed. If it finds the hash, it logs the user in, then deletes the hash it used from the table. This means there are never any hashes in the table older than 5 minutes. The only time there (should) be any hashes left over in the table is if the user somehow doesn't get from secure.example1.com to www.example2.com after clicking the link (say, the internet goes down at just the right second, DNS problems resolving example2.com, etc.). The 5 minute expiry means they can sit there and reload the redirected URL until they get in, or until 5 minutes have gone by.

When the user is redirected, only the hash value is passed.

Every time the login link to secure.example2.com is clicked, a new hash value is generated and stored.

My question is... am I missing something obvious? Is it easy to hack this? Have I just created a gaping security hole in my site(s)?

Thanks hive mind!

Edit: the normal method of opening www.example2.com and logging in via the form with your username / password is still offered.

Edit2: in response to tobyhede re: sniffing the hash. An attacker would also have to stop the user reaching the login script on www.example2.com, as the hash is deleted once used. So they'd have to stop that, and then also use the hash within 5 minutes before it is automatically deleted.

Edit3: re: an attacker generating their own hashes: the hacker would have to insert those hashes into the database along with a valid userid (users don't know their userid). How would they do that? Given the hash is used only once and then deleted immediately, I'm not sure any further attacks would work.
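
The one-time-hash handoff described in the question, as an added example that is not the asker's code: the member-center side mints a token and builds the redirect link, and the membership-site side purges rows older than 5 minutes, looks the token up, and deletes it on use. Two things are assumptions of this example rather than details from the post: the table, column and URL names are illustrative, and the token is 128 bits from the OS CSPRNG instead of md5(userid + unix timestamp), because anyone who knows a userid and roughly when the link was clicked can recompute the MD5 form but not a random one. The consume step also checks the rowcount of its DELETE, so that if an attacker who sniffed the link races the real user, only the request that deletes the row first is logged in (the concern raised in Edit2). Looking up the username and password and calling the site's existing login function is left to the caller; this returns the userid.

```python
import secrets
import sqlite3
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed, illustrative names: not the asker's real schema or URL.
TOKEN_TTL_SECONDS = 5 * 60                          # rows older than this are purged
MEMBERSHIP_LOGIN = "https://www.example2.com/login"  # assumed login script URL


def open_store():
    """In-memory stand-in for the table shared on the dedicated server."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE login_tokens ("
        " token   TEXT    PRIMARY KEY,"
        " userid  INTEGER NOT NULL,"
        " created INTEGER NOT NULL)"
    )
    return conn


def issue_login_link(conn, userid, now=None):
    """Member-center side: store a fresh one-time token and build the redirect URL.

    secrets.token_hex(16) replaces md5(userid + timestamp): the MD5 form is
    computable by anyone who knows the userid and the second the link was clicked.
    """
    now = int(time.time()) if now is None else now
    token = secrets.token_hex(16)
    conn.execute(
        "INSERT INTO login_tokens (token, userid, created) VALUES (?, ?, ?)",
        (token, userid, now),
    )
    conn.commit()
    return f"{MEMBERSHIP_LOGIN}?{urlencode({'hash': token})}"


def token_from_url(url):
    """Membership-site side: pull the single 'hash' parameter out of the URL."""
    values = parse_qs(urlparse(url).query).get("hash", [])
    return values[0] if len(values) == 1 else None


def consume_login_token(conn, token, now=None):
    """Membership-site side: return the userid for a live token, or None.

    Mirrors the posted flow: purge rows older than the TTL, look the token up,
    then delete it so it cannot be replayed. The DELETE is what grants the
    login: if two requests present the same token, only the one whose DELETE
    removes the row gets a userid back.
    """
    now = int(time.time()) if now is None else now
    cutoff = now - TOKEN_TTL_SECONDS
    if not token:
        return None
    conn.execute("DELETE FROM login_tokens WHERE created < ?", (cutoff,))
    row = conn.execute(
        "SELECT userid FROM login_tokens WHERE token = ? AND created >= ?",
        (token, cutoff),
    ).fetchone()
    if row is None:
        conn.commit()
        return None
    deleted = conn.execute(
        "DELETE FROM login_tokens WHERE token = ?", (token,)
    ).rowcount
    conn.commit()
    # rowcount 0 means another request consumed the token between SELECT and DELETE
    return row[0] if deleted == 1 else None


def live_token_count(conn):
    """Number of tokens still in the table (should be ~0 in steady state)."""
    return conn.execute("SELECT COUNT(*) FROM login_tokens").fetchone()[0]


if __name__ == "__main__":
    store = open_store()
    link = issue_login_link(store, userid=42)
    print("redirect to:", link)
    print("first use  ->", consume_login_token(store, token_from_url(link)))
    print("second use ->", consume_login_token(store, token_from_url(link)))
```

The purge-then-lookup order is the same as in the post; the extra `created >= ?` in the SELECT just keeps the expiry check in one place if the purge is ever moved to a cron job instead of running on every login.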


