Hi Siddharth,

The login type you are talking about, is it a website login or are you
talking about a system login like we used to have in the Linux lab?
In case it's a website login, you can use:

1) Cookies. Set a permanent cookie when the user registers and you can use
it to verify further sessions. This method is very weak, and if the user
deletes the cookie then there would be no way to set it again. Not a good
method.

2) User String. You can modify the browser's user string such that each
string acts as a unique browser id, but you will need physical access to the
browser to set it. It can't be set remotely. Again, not a good method :)

3) Certificates. This method is used by Fedora so that only authenticated
browsers can log in. A little variant of this is used by OpenID. The method
is very simple. What you do is issue a unique self-signed certificate to each
user when he registers, which he will need to import into his browser. You
authenticate further sessions using that certificate. Using certificates you
can give a unique id to each browser. Certificates are like cookies which
cannot be modified and are more stable, and all the browsers support them.

There are many ways to create a certificate. The following links might be useful:

http://sial.org/howto/openssl/self-signed/
http://en.wikipedia.org/wiki/Self-signed_certificate
http://www.dartmouth.edu/~pkilab/pages/More_Using_Web_Res.html

4) SSH. SSH is one of the easiest methods to set up and a widely used method
for authentication, and definitely the best method if you are providing shell
access to the users or access to a particular system application. But I am
not sure how you can use SSH to authenticate a website login.



On Mon, Sep 7, 2009 at 8:57 PM, Satyajeet Singh <[email protected]> wrote:

>
>
> Hi Siddharth,
>
>     The SSH setup is one of the most secure authentication methods for
> logging in. It actually exchanges machine fingerprints (a long hashed key)
> and the next time a registered client wants to log in, the system looks for
> the fingerprint. If the fingerprint is found in its .ssh config file then
> it automatically authenticates, else it denies. As is evident, there is no
> question of login id and password, which I think is exactly what you have
> been looking for. However, this process will make authentication restricted
> to only one machine per registered user.
>
>    @ Deepak, Siddharth: The flaw in other methods such as MAC ID is that one
> can easily change the MAC address within seconds (with or without
> applications) to hack the system, and the same can be done with machine ids
> as they can be exploited very easily on the network with tools.
>
> Regards,
> Satyajeet Singh
> Sent from Pune, MH, India
>
> On Mon, Sep 7, 2009 at 7:54 PM, Siddharth Goyal <[email protected]> wrote:
>
>>
>>
>> Hello
>> The main problem is that I do not wish to make things too complicated for
>> people who log in and I do not wish people to share their login ids with
>> people and even if they do, it should be worthless. The SSH setup that you
>> refer to. Is it a machine dependent setup? (Pardon my ignorance).
>> Because if it only depends on a user name and a password, it is not useful
>> for me no matter how secure the user id and password may be.
>>
>> On Mon, Sep 7, 2009 at 10:38 AM, Satyajeet Singh <[email protected]> wrote:
>>
>>>
>>>
>>> Hi Siddharth,
>>>
>>>      The problem is that Microsoft doesn't allow you to share environment
>>> variables in any environment other than IE, which makes it very easy to
>>> hack using browsers like Firefox, wherein you will be prompted with an
>>> input dialog box which will accept any value and will treat it as the
>>> original environment variable.
>>>
>>>      What about some SSH setup with the clients you want to authenticate?
>>> This can be done by creating a config file in your .ssh directory. I
>>> have seen this implementation for accessing remote Unix terminals but I
>>> guess this might be used for this purpose too.
>>>
>>> Regards,
>>> Satyajeet Singh
>>>
>>
>>
>>
>> --
>> regards,
>> Siddharth Goyal | http://www.sidgoyal1.com
>> CEO, Dulcet Solutions | http://www.dulcetsolutions.com
>> +91-9818666217
>>
>
>  
>




-- 
Regards
Assim Deodia | http://nsitonline.in/assim
Class of 09,
Netaji Subhas Institute of Technology
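
The certificate method in point 3, seen from the server side, as an added example that is not part of the original thread. Because each user's certificate is self-signed there is no CA chain to validate, so the server pins the certificate's SHA-256 fingerprint to the account at registration. `CertRegistry` and its method names are hypothetical, the certificate bytes are constructed stand-ins, and the TLS layer is assumed to have requested a client certificate and completed the handshake (which proves possession of the private key).

```python
import hashlib
import hmac
from typing import Optional

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, the form returned by
    ssl.SSLSocket.getpeercert(binary_form=True) after a TLS handshake."""
    return hashlib.sha256(der_cert).hexdigest()

class CertRegistry:
    """Hypothetical server-side store: one pinned certificate per account."""

    def __init__(self):
        self._pinned = {}      # username -> fingerprint of the issued cert
        self._revoked = set()  # fingerprints that must never be accepted again

    def enroll(self, username: str, der_cert: bytes) -> str:
        fp = fingerprint(der_cert)
        if fp in self._revoked or fp in self._pinned.values():
            raise ValueError("certificate already used or revoked")
        old = self._pinned.get(username)
        if old is not None:
            self._revoked.add(old)  # re-issuing retires the previous browser
        self._pinned[username] = fp
        return fp

    def revoke(self, username: str) -> None:
        fp = self._pinned.pop(username, None)
        if fp is not None:
            self._revoked.add(fp)

    def authenticate(self, username: str, der_cert: Optional[bytes]) -> bool:
        if der_cert is None:  # browser presented no client certificate
            return False
        expected = self._pinned.get(username)
        if expected is None:  # unknown or revoked account
            return False
        return hmac.compare_digest(expected, fingerprint(der_cert))

# Constructed stand-ins for DER certificates; real ones come from the TLS layer.
ALICE_CERT = b"constructed-der-bytes-for-alice"
BOB_CERT = b"constructed-der-bytes-for-bob"

registry = CertRegistry()
registry.enroll("alice", ALICE_CERT)
registry.enroll("bob", BOB_CERT)
print(registry.authenticate("alice", ALICE_CERT))  # alice's own browser
print(registry.authenticate("alice", BOB_CERT))    # alice's id from bob's browser
```

A login id handed to someone else fails here unless the certificate and its private key are exported along with it, so the browser's key store is what needs protecting.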
