Additional security measures besides a login with user-password - what can you think of?
Posted by Tom Tom on Stack Overflow
Published on 2010-03-30T18:19:43Z
Tags: server, web-security
I'm wondering which additional security measures one could take besides a traditional login with user and password.
What do you think of this one:
- manually adding a cookie to each client which includes a secret key
- this cookie is not served by the webserver, it is actually copied "by hand" to each client computer
- if a client connects to the web-app, the server grabs that cookie, and if the secret key it contains is ok, the traditional login box is presented where the user has to enter the user-password combination
- communication between client and server is encrypted with https

Thus a potential intruder would first need to get the cookie from the client's computer, which is only possible with access to the client's computer.
This would work only for a very small user-base and an admin willing to do this manual work.
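
The gate described in the question, as an added example that is not part of the original post: the server checks the hand-installed cookie before it serves the login form at all. The cookie name `device_key`, the `device_id.secret` value format and keeping only a SHA-256 digest per device on the server are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "device_key"  # hypothetical cookie name, not from the post


def new_device_token(device_id):
    """Admin side: return (cookie value to copy by hand, digest to store on the server)."""
    secret = secrets.token_urlsafe(32)
    return f"{device_id}.{secret}", hashlib.sha256(secret.encode()).hexdigest()


def gate(cookie_header, is_https, enrolled):
    """Return 'login' (serve the password form) or 'deny' (serve nothing useful).

    enrolled maps device_id -> SHA-256 hex digest of that device's secret,
    so deleting one entry revokes one machine without touching the others.
    """
    if not is_https:
        return "deny"  # the scheme relies on HTTPS to keep the cookie off the wire
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return "deny"
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return "deny"
    device_id, _, secret = morsel.value.partition(".")
    stored = enrolled.get(device_id)
    presented = hashlib.sha256(secret.encode()).hexdigest()
    # Unknown devices are compared against a dummy digest so both paths do the
    # same work; compare_digest avoids leaking how many characters matched.
    matches = hmac.compare_digest(presented, stored or "0" * 64)
    return "login" if matches and stored is not None else "deny"


if __name__ == "__main__":
    # Constructed sample: enroll one machine, then replay a few requests.
    cookie, digest = new_device_token("laptop-01")
    enrolled = {"laptop-01": digest}
    print(gate(f"{COOKIE_NAME}={cookie}", True, enrolled))
    print(gate(f"{COOKIE_NAME}=laptop-01.guess", True, enrolled))
    print(gate(f"{COOKIE_NAME}={cookie}", True, {}))
```

Passing this gate only reveals the login form; the user-password check still has to succeed afterwards.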
© Stack Overflow or respective owner