Hi Assim,

After reading everything, I believe certificates will be a fine method to achieve what I am trying to do. Thanks everyone for their help.
On Tue, Sep 8, 2009 at 10:15 AM, Assim Deodia <[email protected]> wrote:
>
> Hi Siddharth,
>
> The login type you are talking about, is it a website login or are you
> talking about a system login like we used to have in the Linux lab?
> In case it's a website login, you can use:
>
> 1) Cookies. Set a permanent cookie when the user registers and you can use
> it to verify the further sessions. This method is very weak, and if the user
> deletes the cookie then there would be no way to set it again. Not a good
> method.
>
> 2) User String. You can modify the browser's user string such that each string
> acts as a unique browser ID, but you will need physical access to the browser
> to set it. It can't be set remotely. Again, not a good method :)
>
> 3) Certificates. This method is used by Fedora so that only authenticated
> browsers can log in. A little variant of this is used by OpenID. The method is
> very simple. What you do is issue a unique self-signed certificate to each
> user when he registers, which he will need to import in his browser. You
> authenticate further sessions using that certificate. Using certificates you
> can give a unique ID to each browser. Certificates are like cookies which
> cannot be modified and are more stable, and all the browsers support them.
>
> There are many ways to create a certificate. The following links might be
> useful:
>
> http://sial.org/howto/openssl/self-signed/
> http://en.wikipedia.org/wiki/Self-signed_certificate
> http://www.dartmouth.edu/~pkilab/pages/More_Using_Web_Res.html
>
> 4) SSH. SSH is one of the easiest methods to set up and a widely used method
> for authentication, and definitely the best method if you are providing
> shell access to the users or access to a particular system application. But
> I am not sure how you can use SSH to authenticate a website login.
>
> On Mon, Sep 7, 2009 at 8:57 PM, Satyajeet Singh <[email protected]> wrote:
>
>> Hi Siddharth,
>>
>> The SSH setup is one of the most secure authentication methods for
>> logging in. It actually exchanges machine fingerprints (a long hashed key),
>> and the next time a registered client wants to log in, the system looks for
>> the fingerprint. If the fingerprint is found in its .ssh config file then
>> it automatically authenticates, else it denies. As is evident, there is no
>> question of login ID and password, which I think is exactly what you have
>> been looking for. However, this process will make authentication restricted
>> to only one machine per registered user.
>>
>> @Deepak, Siddharth: The flaw in other methods such as MAC ID is that one
>> can easily change the MAC address within seconds (with or without
>> applications) to hack the system, and the same can be done with machine IDs,
>> as they can be exploited very easily on a network with tools.
>>
>> Regards,
>> Satyajeet Singh
>> Sent from Pune, MH, India
>>
>> On Mon, Sep 7, 2009 at 7:54 PM, Siddharth Goyal <[email protected]> wrote:
>>
>>> Hello
>>> The main problem is that I do not wish to make things too complicated for
>>> people who log in and I do not wish people to share their login IDs with
>>> people, and even if they do, it should be worthless. The SSH setup that you
>>> refer to, is it a machine-dependent setup? (Pardon my ignorance.)
>>> Because if it only depends on a user name and a password, it is not
>>> useful for me no matter how secure the user ID and password may be.
>>>
>>> On Mon, Sep 7, 2009 at 10:38 AM, Satyajeet Singh <[email protected]> wrote:
>>>
>>>> Hi Siddharth,
>>>>
>>>> The problem is that Microsoft doesn't allow you to share
>>>> environment variables in any environment other than IE, which makes it
>>>> very easy to hack using browsers like Firefox, wherein you will be prompted
>>>> with an input dialog box which will accept any value and will treat it as
>>>> the original environment variable.
>>>>
>>>> What about some SSH setup with the clients you want to
>>>> authenticate? This can be done by creating a config file in your .ssh
>>>> directory. I have seen this implementation for accessing remote Unix
>>>> terminals, but I guess this might be used for this purpose too.
>>>>
>>>> Regards,
>>>> Satyajeet Singh
>>>
>>> --
>>> regards,
>>> Siddharth Goyal | http://www.sidgoyal1.com
>>> CEO, Dulcet Solutions | http://www.dulcetsolutions.com
>>> +91-9818666217
>
> --
> Regards
> Assim Deodia | http://nsitonline.in/assim
> Class of 09,
> Netaji Subhas Institute of Technology

--
regards,
Siddharth Goyal | http://www.sidgoyal1.com
CEO, Dulcet Solutions | http://www.dulcetsolutions.com
+91-9818666217
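
The server side of method 3 in the quoted reply, as an added example that is not code from anyone in this thread: each account is bound to the SHA-256 fingerprint of the one certificate enrolled for it, so a shared login ID fails from any other browser. The class and function names are hypothetical, and the certificate bytes are constructed stand-ins for the DER data a TLS server would receive.

```python
import hashlib
import hmac


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding: the per-browser ID the server stores."""
    return hashlib.sha256(der_cert).hexdigest()


class CertRegistry:
    """Binds each account to exactly one enrolled client certificate."""

    def __init__(self):
        self._fp_by_user = {}

    def enroll(self, username: str, der_cert: bytes) -> str:
        fp = fingerprint(der_cert)
        if username in self._fp_by_user:
            raise ValueError("account already has a certificate; revoke it first")
        if fp in self._fp_by_user.values():
            raise ValueError("certificate is already bound to another account")
        self._fp_by_user[username] = fp
        return fp

    def revoke(self, username: str) -> None:
        self._fp_by_user.pop(username, None)

    def authenticate(self, username: str, der_cert) -> bool:
        expected = self._fp_by_user.get(username)
        if expected is None or not der_cert:
            return False  # unknown account, or the browser sent no certificate
        return hmac.compare_digest(expected, fingerprint(der_cert))


def demo() -> dict:
    # Constructed stand-ins for DER certificates; a TLS server would read the
    # real bytes from ssl.SSLSocket.getpeercert(binary_form=True).
    alice_cert = b"constructed-DER-bytes-alice-browser"
    other_cert = b"constructed-DER-bytes-someone-else"
    reg = CertRegistry()
    reg.enroll("alice", alice_cert)
    results = {
        "own_browser": reg.authenticate("alice", alice_cert),
        "shared_login_other_browser": reg.authenticate("alice", other_cert),
        "no_certificate": reg.authenticate("alice", None),
    }
    reg.revoke("alice")
    results["after_revoke"] = reg.authenticate("alice", alice_cert)
    return results
```

The comparison only means something when the bytes come from a completed TLS handshake, since that is where the browser proves it holds the matching private key.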
