xisto Community
alexviii

Security Not Safe

Hi everyone!!!!!!!

This is the last one!! :P

Ok guys, I heard somewhere that if we protect some page with a password, it is still not safe at all if we don't have a secure connection (https://...)

How is it true? Is there a possibility that someone can see a page, even if it is protected by a password?

(the script in the page doesn't allow IDs that didn't pass from the login page)

Is that script sufficient?

Thanks a lot to everyone :P:D:):P:D:D:D:P


It entirely depends on what methods you are using to protect the page. For example, using JavaScript to password a page usually can be beaten by disabling JS, or just guessing the URL of the page it'll take you to. Passwords created with .htpasswd files are more secure, but they can be beaten with brute force, which is the main problem with any password. No matter how secure the encryption is (another factor), or how good your code is, any password can be broken with guesswork, which is why you are advised to use passwords like Xisto!"?rUlEs as they can't be beaten with a dictionary.

Where you have a script that passes an ID from the login page, normally called a session, it is possible to fake the session or cookies if they are used. You have to know how the code works, what variables are used etc, but they can be beaten. HTTPS simply uses a non-standard port and adds an extra layer of encryption to the data. It can help with passwords and credit card information, but if you've already guessed a password, it's no more secure at all.


I very much agree with rvalkass. For a page that is password protected using .htaccess, it's better to make a long-character password, e.g. using an md5 or sha algorithm. It may still be cracked by brute force, but the cracker may drink 1000 glasses of coffee until the process is done. Also, someone can easily monitor your traffic packets using a packet sniffer. All your passwords or whatever is being transmitted can be captured using this tool. That is why SSL is so important when dealing with transactions. If the packets are sent using an SSL connection, all the packets are hidden and cannot be captured by packet sniffer software! <_<

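To make the sniffing point in the replies above concrete, here is an added example (not part of the original posts) that reads one constructed plaintext HTTP request the way any observer on the network path could, and lists the credential material it exposes. The host, path, cookie name and form field names are assumptions; over HTTPS none of these bytes would be readable on the wire.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample: a login request sent over plain http:// (all values made up).
BASIC = base64.b64encode(b'alex:Xisto!"?rUlEs')   # Basic auth is only base64, not encryption
CAPTURED = (
    b"POST /members/login.php HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Authorization: Basic " + BASIC + b"\r\n"
    b"Cookie: PHPSESSID=3f9c1d0a7be24e55; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"user=alex&password=Xisto%21%22%3FrUlEs"
)

def exposed_secrets(raw: bytes) -> dict:
    """Return the credential material readable from one plaintext HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:   # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    found = {}
    # 1. HTTP Basic auth (.htpasswd-style protection): user:password, base64-encoded.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            user, _, password = decoded.partition(":")
            found["basic_auth"] = (user, password)
        except ValueError:                                   # malformed base64
            found["basic_auth"] = None
    # 2. Session cookies: the "ID passed from the login page"; replayable if seen.
    sessions = {}
    for part in headers.get("cookie", "").split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and "sess" in key.lower():
            sessions[key] = value
    if sessions:
        found["session_cookies"] = sessions
    # 3. Password fields posted by an HTML login form.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"))
        fields = {k: v[0] for k, v in form.items() if "pass" in k.lower()}
        if fields:
            found["form_passwords"] = fields
    return found

if __name__ == "__main__":
    print(exposed_secrets(CAPTURED))
```

The same function can be pointed at request bytes from your own test capture to confirm which pages still send logins or session IDs without TLS.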
