[Owasp-appsensor-project] how to detect if a detection point is created and sone other questions

panos panosx13 at gmail.com
Mon Mar 11 15:47:45 UTC 2013


Thank you very much for your suggestions. Firstly I'll try to study 
about these and secondly to implement them.


Thanks
Panos




On 03/11/2013 05:37 PM, santosh kumar wrote:
> IP address information is not at all sufficient for user 
> identification. Of course, an user may user different systems for 
> accessing an application. Instead a two level security check 
> can incorporated to give the access which can avoid unauthenticated 
> entry into the application.
>
>
> Regards
> P.Santoshkumar
> JTO-NSOC
> BSNL.
>
>
>
>
> On Mon, Mar 11, 2013 at 3:56 PM, Dennis Groves 
> <dennis.groves at gmail.com <mailto:dennis.groves at gmail.com>> wrote:
>
>     On 11 Mar 2013, at 10:08, Dennis Groves wrote:
>
>         One of the issues is the concept of identity, it only takes 32
>         bits of information to identify somebody
>         <https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy>.
>         IP Address is certainly not enough and unsurprisingly you can
>         easily gather enough information to have very high confidence
>         in identity without any username or password.
>
>     A better link on browser uniqueness
>     <https://panopticlick.eff.org/browser-uniqueness.pdf> that will
>     give you much better information about uniquely identifying
>     visitors without either username or password. Of course my browser
>     only gives 21.4 bits of the 33 required; however even that is
>     information that gives you a high degree of confidence about me.
>     Also remember IP addresses have origins; and origins have
>     populations - information is being leaked all over the place…
>
>     Dennis
>
>     ------------------------------------------------------------------------
>
>     Dennis Groves <http://about.me/dennis.groves>, MSc
>     Email me <mailto:dennis.groves at owasp.org> or schedule a meeting
>     <http://goo.gl/8sPIy>.
>
>     /This email is licensed under a CC BY-ND 3.0
>     <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license./
>
>     *Please do not send me Microsoft Office/Apple iWork documents.*
>     Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>     Stand up for your freedom to install free software
>     <http://www.fsf.org/campaigns/secure-boot/statement>.
>
>         The idea that some lives matter less is the root of all that’s
>         wrong with the world. -- Paul Farmer
>
>
>     _______________________________________________
>     Owasp-appsensor-project mailing list
>     Owasp-appsensor-project at lists.owasp.org
>     <mailto:Owasp-appsensor-project at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20130311/f67dbcdd/attachment.html>


More information about the Owasp-appsensor-project mailing list