Passing encrypted password between systems - ideas?
Message
From
02/08/2018 18:25:39
To
02/08/2018 15:30:13
General information
Forum: Visual FoxPro
Category: Coding, syntax and commands
Environment versions
Visual FoxPro: VFP 9 SP2
OS: Windows Server 2012 R2
Network: Windows Server 2012 R2
Database: Visual FoxPro
Application: Desktop
Virtual environment: VMWare
Miscellaneous
Thread ID: 01660458
Message ID: 01661428
Views: 78
Hi Albert,

*** I assume the "DB" in the next line is the server side database, correct?
Yes, the server (web service) receives this and saves only the user & password hash.

*** what gets returned to the client at this point? or is there something returned?
Only an operation status: a simple "http 200 ok" with "operation succeeded" or "password changed" if all went OK.


*** is there anything passed above that a man in the middle attack could grab and impersonate the client?

The above procedure only covers the initial authentication process, and prevents the user password from traveling or being "saved as is" on the server. There's the improved digest authentication, which enforces a sequence control, short expiration and signing of all the HTTP messages with a similar procedure, but it only makes it harder to hack the conversation. Only TLS can protect against man-in-the-middle attacks.
@nfoxdev
github.com/nfoxdev
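
The sequence control, short expiration and message signing mentioned in the post above, sketched as an added example that is not part of the original post or the poster's code. The key derivation, the signed fields, `MAX_AGE` and every name here are assumptions; as the post says, none of this replaces TLS.

```python
import hashlib
import hmac
import time

MAX_AGE = 30  # seconds; assumed "short expiration" window


def derive_key(user: str, realm: str, password: str) -> bytes:
    """Credential hash: the only secret the server stores (assumed PBKDF2)."""
    salt = f"{user}:{realm}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def sign(key: bytes, method: str, path: str, body: bytes, seq: int, ts: int) -> str:
    """Client side: MAC over method, path, body hash, sequence and timestamp."""
    body_hash = hashlib.sha256(body).hexdigest()
    msg = "\n".join([method, path, body_hash, str(seq), str(ts)])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


class Verifier:
    """Server side: stored hashes plus the last sequence accepted per user."""

    def __init__(self, stored):
        self.stored = stored   # user -> derive_key(...) output
        self.last_seq = {}     # user -> highest sequence number accepted

    def check(self, user, method, path, body, seq, ts, sig, now=None):
        now = int(time.time()) if now is None else now
        key = self.stored.get(user)
        if key is None:
            return "unknown user"
        expected = sign(key, method, path, body, seq, ts)
        if not hmac.compare_digest(expected, sig):  # constant-time compare
            return "bad signature"
        if abs(now - ts) > MAX_AGE:                 # short expiration
            return "expired"
        if seq <= self.last_seq.get(user, 0):       # sequence control
            return "replayed"
        self.last_seq[user] = seq
        return "ok"
```

Because the stored hash doubles as the signing key, it is password-equivalent and needs the same protection as the password itself.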