[COLUG] Enterprise Two Factor Authentication
Duane
duane at cacert.org
Tue Mar 13 06:43:13 EST 2007
Pat Collins wrote:
> On Tue, 13 Mar 2007 16:01:45 +1100, Duane <duane at cacert.org> wrote :
>
>> For further details, screen shots and those just curious you can see it
>> all at http://www.freeauth.org
>>
>
> You scare me when I see code like this in php:
>
> http://www.freeauth.org/site/wiki/One%20Time%20Passwords%20with%20PHP
>
> You just know somebody is going to take that code and use it as written
> without scrubbing $username and $password.
I originally wrote that code for the CAcert website (although it has
been altered since the original version) and the website code uses
mysql_real_escape_string in the main code body since if the OTP function
fails it falls back to static password checks.
"It is a wiki!" :)
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
http://www.freeauth.org - Enterprise Two Factor Authentication
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
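The concern in this thread, as an added example that is not code from FreeAuth, CAcert or either poster: a helper that relies on its caller to escape `$username` stops being safe once it is copied elsewhere, while one that binds its own parameters carries the protection with it. It uses PDO with an in-memory SQLite database (assumes the `pdo_sqlite` extension) in place of `mysql_real_escape_string`, because the `mysql_*` extension was removed in PHP 7; the table, column and function names are hypothetical and the user row is constructed.

```php
<?php
// Added example; names are hypothetical and the data is constructed.

// Shape the thread worries about: the helper trusts its caller to have
// escaped $username, so it is only safe inside the original code base.
function find_user_caller_escapes(PDO $db, string $username): ?array
{
    $sql = "SELECT username, pw_hash FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Self-contained form: the value is bound, never spliced into the SQL text,
// so the function stays safe when lifted out of its original context.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed account whose legitimate name contains a quote character.
$ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Bound parameters: the quote is plain data and the login works.
var_dump(check_login($db, "o'brien", 'correct horse'));
var_dump(check_login($db, "o'brien", 'wrong password'));

// Caller forgot to escape: the same name changes the SQL text itself.
try {
    find_user_caller_escapes($db, "o'brien");
} catch (PDOException $e) {
    echo 'unescaped input altered the query: ', $e->getMessage(), "\n";
}
```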