Re: [WEB SECURITY] IP address change: relogin
- From: "Stephan Wehner" <stephanwehner@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] IP address change: relogin
- Date: Thu, 22 May 2008 12:20:02 -0700
On Wed, May 21, 2008 at 8:27 PM, Bil Corry <bil@xxxxxxxxx> wrote:
> One final method that I've contemplated, but haven't had time to build a
> PoC, is to use HTTP Digest Authentication and use XHR to passively
> "authenticate" the user with the username being their session ID, and the
> password a random value. Then using Digest's nonce, you can prevent replay
> attacks, etc. The downside is you have to initially seed the browser with...
Similar to this one?
http://www.peej.co.uk/articles/http-auth-with-html-forms.html
Stephan
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
Brought to you by http://www.webappsec.org