authentication
play

Authentication Dr. Steven Bitner Hashing Hashing is ONE WAY - PowerPoint PPT Presentation

Mar 17, 2024 •174 likes •355 views

Authentication Dr. Steven Bitner Hashing Hashing is ONE WAY encryption You cannot retrieve the plain text Common hashes: md5 sha1 sha256 $password = hash (md5,$password); Better (though less common hash) Bcrypt

  1. Authentication Dr. Steven Bitner

  2. Hashing  Hashing is ONE WAY encryption  You cannot retrieve the plain text  Common hashes:  md5  sha1  sha256 $password = hash (md5,$password);  Better (though less common hash) – Bcrypt  http://kc-sce- sphp01.kc.umkc.edu/~bitners/showCode.php?page=resource s/hash/hasher.php

  3. More hashing  Never store any passwords plaintext  Most people in the PHP community look down on your code if you don’t use Bcrypt, but anything is better than nothing.  On new projects, you are best to start off with Bcrypt  Why:  Automatically generates salts  It’s really slow  It’s really, really slow if you want it to be  If you want more info http://codahale.com/how-to-safely-store-a- password/

  4. Hashing in action  http://kc-sce- sphp01.kc.umkc.edu/~bitners/showCode.php?page=hashT est.php

  5. Sessions  Stored on the server  Temporary (unless set up to store to a DB or other persistent data storage)  Must open a session before anything else session_start();

  6. Cookies  Stored on the user’s machine  They need to accept cookies  Persistent  Can expire at the end of the session, or at some point in the future  Must be sent before any other information (e.g. echo statements)

  7. Setting a cookie setcookie ('cookieName', /*required*/ 'value', 'expiration', /*default=0*/ 'path', 'domain', SSL/TLS?, /*default=false*/ HTTP only?); /* ^ */

  8. Viewing cookies

  13. Registering new users  Decide what info will be used for login  Username or email address  Email validation  As of PHP 5.2 $email = filter_var('bitners@umkc.edu', FILTER_VALIDATE_EMAIL);  All usernames should be unique to ensure that a user is getting their login credentials only  Can check by attempting to insert  Can check by querying the DB  What info do you really need?  Permissions control, email lists etc.

  14. Think about what's really important http://xkcd.com/970/

  15. User maintenance  Should be able to change password  Should be able to update other information  Should be able to request new password

  16. Logout  Unset all $_SESSION variables session_start(); session_unset();  Close the session session_destroy();

  17. Don't forget to delete cookies setcookie('cookieName','',1);

  18. Assignment # 8  I must be able to register and login to your website.  http://xkcd.com/936/  http://b.web.umkc.edu/bitners/490wd/assignment8.html

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
CSc 337 LECTURE 25: COOKIES Stateful client/server interaction Sites like amazon.com seem to

CSc 337 LECTURE 25: COOKIES Stateful client/server interaction Sites like amazon.com seem to

CSc 337 LECTURE 25: COOKIES Stateful client/server interaction Sites like amazon.com seem to "know who I am." How do they do this? How does a client uniquely identify itself to a server, and how does the server provide specific

686 views • 15 slides
Convergence in Wireless Transmission Technology Promises Best of Both Worlds MSN 2009 Workshop 9 th

Convergence in Wireless Transmission Technology Promises Best of Both Worlds MSN 2009 Workshop 9 th

Convergence in Wireless Transmission Technology Promises Best of Both Worlds MSN 2009 Workshop 9 th July 2009 Ali Al-Sherbaz Torben Kuseler University of Buckingham Ali.al-sherbaz@buckingham.ac.uk torben.kuseler@buckingham.ac.uk Headlines 2

532 views • 24 slides
Fixedmobile Convergence: Structural convergence Technology dimensioning and cost modelling

Fixedmobile Convergence: Structural convergence Technology dimensioning and cost modelling

Fixedmobile Convergence: Structural convergence Technology dimensioning and cost modelling Dirk Breuer Deutsche Telekom Laboratories, Germany Tibor Cinkler Budapest University of Technology and Economics, Hungary Stphane Gosselin

395 views • 5 slides
Convergence in Metro Area Networks Randall Atkinson rja@extremenetworks.com Chief Scientist

Convergence in Metro Area Networks Randall Atkinson rja@extremenetworks.com Chief Scientist

Convergence in Metro Area Networks Randall Atkinson rja@extremenetworks.com Chief Scientist Agenda What are converged networks ? Why is convergence happening ? How does this change Metro Area Networks (MANs) ? Key technologies enabling MAN

390 views • 38 slides
Advanced Java Class Web Applications Part 1 (Servlets) Named vs. Anonymous Servlets

Advanced Java Class Web Applications Part 1 (Servlets) Named vs. Anonymous Servlets

Advanced Java Class Web Applications Part 1 (Servlets) Named vs. Anonymous Servlets Anonymous Syntax: http://hostname/MyApp/ servlet/myapp.servlets. MyServlet Named Syntax: http://hostname/MyApp /Myservlet in web.xml:

371 views • 19 slides
Toll of personal privacy in 2018 @KirilsSolovjovs http://kirils.org Privacy is dead 16

Toll of personal privacy in 2018 @KirilsSolovjovs http://kirils.org Privacy is dead 16

This presentation uses no cookies for analytics, ads or any other purposes. Content served is not personalized or tailored to each audience member however it may be tailored to the conference itself. By continuing to watch this presentation you

994 views • 41 slides
formal methods in HCI a success story From Formalism to Physicality, Alan Dix, UPC

formal methods in HCI a success story From Formalism to Physicality, Alan Dix, UPC

formal methods in HCI a success story From Formalism to Physicality, Alan Dix, UPC North, 30 April 2008 problem context mid 80s local authority DP dept transaction processing vast numbers of users

119 views • 10 slides
HI TOC Consumer Advisory Panel January 27, 2011 Agenda 1:00pm Opening & outcomes 1:05pm

HI TOC Consumer Advisory Panel January 27, 2011 Agenda 1:00pm Opening & outcomes 1:05pm

HI TOC Consumer Advisory Panel January 27, 2011 Agenda 1:00pm Opening & outcomes 1:05pm HITOC Working Principles 1:10pm Report back from Jan. 20 HITOC Retreat: Comments from Dr. Goldberg, Director of the OHA, & Mike Bonetto,

442 views • 20 slides

More recommend