Collaborate Disseminate
Being able to confirm your email without waiting for a verification email would be a major improvement to many registration processes. In theory this could be done using a technique based on OAuth, OpenID or similar. Of course, both the si… Continue reading Are there any proposals for email verification without a confirmation email?
Register:
Both text boxes of the user inputted password are compared, if they match:
Add the user’s email to the [users] table in the database, to have a user ID to later record everything against.
Create salt. Anything ran… Continue reading Is the following set of steps, secure enough, during register and login on my webapp?
Recently the company’s website was flooded with malicious registrations, where a few people signed up for hundreds of accounts to win an online lottery. Our investigation shows the source may be a group of employed workers (l… Continue reading Detecting fraudulent registration
A couple of days ago I have registered a new domain on GoDaddy without WHOIS privacy option. The next day after registration I have started receiving spam in my mailbox as well as on my phone. The domain is dormant in the sen… Continue reading Receiving lots of spam after registering a new domain on GoDaddy
A couple of days ago I have registered a new domain on GoDaddy without WHOIS privacy option. The next day after registration I have started receiving spam in my mailbox as well as on my phone. The domain is dormant in the sen… Continue reading Receiving lots of spam after registering a new domain on GoDaddy
Quite often in order to active my account on a website I’ll receive an email with this:
https://web_site.com/access?uid=1234&secret=456789&login=0123456789&mid=aabbcccdd
Why user id, login, mid or other additio… Continue reading Activating a user on a website — why include anything other than an activation code?
This will be implemented in an imageboard if secure.
https://en.wikipedia.org/wiki/Imageboard#Tripcodes
A user wants to make a post. The user enters a username and a password into a field. This is sent to the server where i… Continue reading Is this tripcode system secure?
A person has a form that asks for a name and password. The password is sent to the server where a hash is created from hashing the name and password. This hash is converted into a number using the ascii value. The number is l… Continue reading Is this passwordless system secure?
I want to make guillou quisquater authentication for a website with Laravel (PHP). The authentication is between server and client(user). In the references i’ve read (here and here) the registration scheme is:
The server se… Continue reading Is username and password needed to register and authenticate user in zero knowledge guillou quisquater?
Is it possible to spoof or change backwards Domain Registration Date that can be looked up in online whois tools and databases?