[Owasp-appsensor-project] how to detect if a detection point is created and some other questions
panosx13 at gmail.com
Mon Mar 11 15:47:45 UTC 2013
Thank you very much for your suggestions. Firstly I'll try to study
about these and secondly to implement them.
On 03/11/2013 05:37 PM, santosh kumar wrote:
> IP address information is not at all sufficient for user
> identification. Of course, a user may use different systems for
> accessing an application. Instead a two level security check
> can be incorporated to give the access which can avoid unauthenticated
> entry into the application.
> On Mon, Mar 11, 2013 at 3:56 PM, Dennis Groves
> <dennis.groves at gmail.com> wrote:
> On 11 Mar 2013, at 10:08, Dennis Groves wrote:
> One of the issues is the concept of identity; it only takes 32
> bits of information to identify somebody.
> IP Address is certainly not enough and unsurprisingly you can
> easily gather enough information to have very high confidence
> in identity without any username or password.
> A better link on browser uniqueness
> <https://panopticlick.eff.org/browser-uniqueness.pdf> that will
> give you much better information about uniquely identifying
> visitors without either username or password. Of course my browser
> only gives 21.4 bits of the 33 required; however even that is
> information that gives you a high degree of confidence about me.
> Also remember IP addresses have origins; and origins have
> populations - information is being leaked all over the place…
> Dennis Groves <http://about.me/dennis.groves>, MSc
> /This email is licensed under a CC BY-ND 3.0
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license./
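Added example, not part of the original thread or of AppSensor's code: the "bits of identifying information" arithmetic discussed above, worked through in Python so the numbers in the thread (21.4 bits against roughly 33) can be checked. The sample fingerprints, the function names and the 7 billion population figure are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample: one (user_agent, timezone, screen) tuple per visitor.
FIELDS = ("user_agent", "timezone", "screen")
OBSERVED = (
    [("Firefox", "UTC", "1920x1080")] * 4
    + [("Chrome", "UTC+1", "1366x768")] * 2
    + [("Safari", "UTC-5", "1440x900"), ("Opera", "UTC+9", "1280x800")]
)

def surprisal_bits(count, total):
    """Self-information, in bits, of a value seen `count` times out of `total`."""
    if count <= 0:
        raise ValueError("value never observed in the sample")
    return -math.log2(count / total)

def per_attribute_bits(observed, visitor):
    """Bits each attribute reveals when looked at on its own."""
    bits = {}
    for i, name in enumerate(FIELDS):
        counts = Counter(row[i] for row in observed)
        bits[name] = surprisal_bits(counts[visitor[i]], len(observed))
    return bits

def joint_bits(observed, visitor):
    """Bits revealed by the whole fingerprint. Correlated attributes are
    counted once here, so this can be far less than the per-attribute sum."""
    return surprisal_bits(Counter(observed)[visitor], len(observed))

def bits_needed(population):
    """Bits required to single out one member of `population`."""
    return math.log2(population)

def expected_anonymity_set(population, bits):
    """How many members of `population` are expected to share a fingerprint
    that carries `bits` of information."""
    return population / 2 ** bits

if __name__ == "__main__":
    rare = ("Opera", "UTC+9", "1280x800")
    print("per attribute:", per_attribute_bits(OBSERVED, rare))
    print("naive sum    :", sum(per_attribute_bits(OBSERVED, rare).values()))
    print("joint        :", joint_bits(OBSERVED, rare))
    print("needed for 8 :", bits_needed(len(OBSERVED)))
    # Assumed world population of about 7 billion.
    print("needed, world:", round(bits_needed(7_000_000_000), 1))
    print("21.4 bits -> ~%d look-alikes worldwide"
          % expected_anonymity_set(7_000_000_000, 21.4))
```

In the constructed sample the rare visitor's attributes sum to 9 bits but the joint fingerprint carries only 3, because the attributes move together; estimates built by adding per-attribute bits overstate how well an event can be tied to one user.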