[Owasp-appsensor-project] how to detect if a detection point is created and sone other questions
pydi.santu at gmail.com
Mon Mar 11 15:37:09 UTC 2013
IP address information is not at all sufficient for user identification. Of
course, an user may user different systems for accessing an application.
Instead a two level security check can incorporated to give the access
which can avoid unauthenticated entry into the application.
On Mon, Mar 11, 2013 at 3:56 PM, Dennis Groves <dennis.groves at gmail.com>wrote:
> On 11 Mar 2013, at 10:08, Dennis Groves wrote:
> One of the issues is the concept of identity, it only takes 32 bits of
> information to identify somebody<https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy>.
> IP Address is certainly not enough and unsurprisingly you can easily gather
> enough information to have very high confidence in identity without any
> username or password.
> A better link on browser uniqueness<https://panopticlick.eff.org/browser-uniqueness.pdf>that will give you much better information about uniquely identifying
> visitors without either username or password. Of course my browser only
> gives 21.4 bits of the 33 required; however even that is information that
> gives you a high degree of confidence about me. Also remember IP addresses
> have origins; and origins have populations - information is being leaked
> all over the place…
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
> *This email is licensed under a CC BY-ND 3.0<http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB>license.
> *Please do not send me Microsoft Office/Apple iWork documents.*
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
> Stand up for your freedom to install free software<http://www.fsf.org/campaigns/secure-boot/statement>
> The idea that some lives matter less is the root of all that’s wrong with
> the world. -- Paul Farmer
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-appsensor-project