[albatross-users] tamper-resistant authentication code
Tim Churches
tchur at optushome.com.au
Sat Sep 13 07:03:07 EST 2003
On Sat, 2003-09-13 at 00:38, Eric S. Johansson wrote:
> This is a very rough cut on authentication code for Web services. I followed
> the model set down by some folks at MIT (see URL and comments) after taking the
> time to understand the security model, so I'm confident that it is a correct
> implementation and will withstand all of the attacks discussed in the paper. It
> will also be vulnerable to the problems discussed in the paper too. ;-)
> # from: "dos and don'ts of client authentication on the Web"
> http://cookies.lcs.mit.edu
>
I think this is a really excellent initiative. Earlier this year I
pointed Dave and Andrew (of Object-Craft) at a Web app security
checklist published by MIT (a different one, but I can't find the URL
now). They indicated an intention to work through the checklist and
close any remaining theoretical vulnerabilities in the various Albatross
app models.
--
Tim C
PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at http://members.optushome.com.au/tchur/pubkey.asc
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0