
...online security, what an oxymoron!

01/09/09

Permalink 09:17:57 am by i Services, Inc., Categories: Security

As most of us know, if it's online, it's NOT secure. That doesn't stop us from spending hours, days, sometimes weeks trying to come up with the perfect script that really does the job!

In our quest for a user authentication method we considered every scenario we could think of, and the conclusion is: if it's really secure, you won't be able to reach it from the open internet. The only way to store information with real confidence is to keep it off the public network. If that's an option, reach it through a remote connection or VPN instead.

But what about when the information has to be online? Well, you forfeit any guarantee of security, but that doesn't mean your pages can't be hardened.

First and foremost, the most serious threat to a login form is SQL injection. It is preventable: never splice user input into the text of a query. Use parameterized queries (prepared statements), and validate your variables before you use them.

We have even combined account details with the user's IP address to authenticate users, but what happens when a user's IP address changes? They are locked out! Sometimes being too strict doesn't work.

The bottom line is that you'll have to trade off security against ease of access, or vice versa.

One thing you should always consider is brute-force attacks. A simple defence is to have the account lock itself after X failed login attempts. Be aware that anyone who knows a username can then trigger the lock on purpose, so a temporary lock or a delay between attempts is often a better fit than a permanent one.

Count the failed submissions server-side, either in the session or, better, in a column of your user table; a counter kept in a hidden form field or a cookie can simply be reset by the attacker. Add a column such as "Status" to the user table with a default value of 1 or 0 to represent "Active" or "Inactive". Then, with a simple check, when the counter hits X you update the status in the database. Make sure your login script checks the status of the account before it verifies the password, and if the account is locked, print a simple message telling the user to contact you for assistance!

You can also create a table in your database to keep a log of failed attempts. A record of the username, timestamp and IP address behind each failure and each locked account will come in handy when you try to work out whether someone forgot their password or whether you were being attacked!
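Here is the whole scheme put together as an added example (our own illustration for this post, not code from the original or from any particular site): a parameterized lookup beside a deliberately vulnerable one to show what injection does, a login routine that checks the status column before verifying the password, keeps the failure counter in the database, locks the account at X failures, and writes every failure to a log table with username, timestamp and IP. It uses Python's built-in sqlite3 module with an in-memory database; the table and column names, the value of X (5), and the salted PBKDF2 password hashing are assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3
import time

MAX_FAILED = 5                       # "X" in the post: failures before lockout
STATUS_ACTIVE, STATUS_LOCKED = 1, 0  # values of the assumed "status" column


def setup_db():
    """In-memory SQLite with the user table and the failed-attempt log
    (schema is an assumption for this example)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (
            username        TEXT PRIMARY KEY,
            salt            BLOB NOT NULL,
            pw_hash         BLOB NOT NULL,
            status          INTEGER NOT NULL DEFAULT 1,
            failed_attempts INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE failed_logins (
            id INTEGER PRIMARY KEY, username TEXT NOT NULL,
            ts INTEGER NOT NULL, ip TEXT NOT NULL);""")
    return db


def hash_pw(password, salt):
    # Salted PBKDF2 so the table holds no plaintext passwords (the post does
    # not say how passwords are stored; this is the example's choice).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(db, username, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
               (username, salt, hash_pw(password, salt)))
    db.commit()


def lookup_unsafe(db, username):
    # DELIBERATELY VULNERABLE, kept only for contrast: the input is spliced
    # into the SQL text, so a username of  ' OR '1'='1  matches every row.
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [r[0] for r in db.execute(sql)]


def lookup_safe(db, username):
    # Parameterized query: the value travels separately from the SQL, so the
    # same payload is just a username that does not exist.
    return [r[0] for r in db.execute(
        "SELECT username FROM users WHERE username = ?", (username,))]


def record_failure(db, username, ip, ts):
    db.execute("INSERT INTO failed_logins (username, ts, ip) VALUES (?, ?, ?)",
               (username, ts, ip))


def login(db, username, password, ip, now=None):
    """Return 'ok', 'invalid' or 'locked'. The failure counter lives in the
    database, not in a form field or cookie that the client could reset."""
    ts = int(time.time()) if now is None else now
    row = db.execute("SELECT salt, pw_hash, status, failed_attempts "
                     "FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:                      # unknown user: log it, same message
        record_failure(db, username, ip, ts)
        db.commit()
        return "invalid"
    salt, pw_hash, status, failed = row
    if status != STATUS_ACTIVE:          # check status before verifying
        record_failure(db, username, ip, ts)
        db.commit()
        return "locked"
    if hmac.compare_digest(hash_pw(password, salt), pw_hash):
        db.execute("UPDATE users SET failed_attempts = 0 WHERE username = ?",
                   (username,))
        db.commit()
        return "ok"
    failed += 1
    record_failure(db, username, ip, ts)
    status = STATUS_LOCKED if failed >= MAX_FAILED else STATUS_ACTIVE
    db.execute("UPDATE users SET failed_attempts = ?, status = ? "
               "WHERE username = ?", (failed, status, username))
    db.commit()
    return "invalid"


def account_status(db, username):
    return db.execute("SELECT status FROM users WHERE username = ?",
                      (username,)).fetchone()[0]


def failed_log(db, username):
    """(timestamp, ip) rows for one account, oldest first."""
    return db.execute("SELECT ts, ip FROM failed_logins WHERE username = ? "
                      "ORDER BY id", (username,)).fetchall()
```

With the classic payload `' OR '1'='1` as the username, `lookup_unsafe` returns every user while `lookup_safe` returns nothing, which is the whole point of parameterized queries. The lock here is permanent, as the post describes; since the failed_logins rows carry the IP and timestamp, you can see at a glance whether five attempts came from the user's usual address over an afternoon (a forgotten password) or from a stranger in a few seconds (an attack), and decide whether a timed unlock would serve your users better.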

© Copyright 2006 - 2012. i Services, Inc. All rights reserved.