Welcome! Log In Create A New Profile

Re: Single Sign On with Nginx

Forum List Message List New Topic Print View

Mikhail Fursov

February 26, 2010 03:24AM

2010/2/26 Andrew Kopeyko <kaa@zvuki.ru>

> Mikhail Fursov wrote:
>
>>
>> 2) Должна быть указан URL страницы на которую переходить при ошибке
>> аутентификации. Тут важно передать странице с ошибкой полную информацию об
>> аутентификации - логин, пароль, тип ошибки (если возможно). В Apache этого
>> нет, поэтому когда происходит ошибка аутентификации и пользователя требуют
>> заново ввести пароль совсем непонятно по какой причине: его аккаунт
>> заблокирован, задан неправильный пароль etc. Это очень неудобно.
>>
>
> Зато правильно с точки зрения безопасности - при отказе в доступе не
> происходит раскрытия информации. Удивительно, что вы не знаете таких базовых
> вещей.
>
> А ваш "дружественный" интерфейс будет подыгрывать взломщику, позволяя ему
> последовательно подобрать логин, а затем пароль.
>
> Вы ведь не ограничиваете кол-во неудачных попыток авторизации?
>
>
Я не гуру в разработке веб-серверов но не вижу тут никакого раскрытия
информации. На error-document шли бы те же данные, что ввел сам
пользователь. Что из них ожно раскрыть? Код ошибки - его можно и убрать
вообще, тк его можно воспроизвести из login/password непосредственно на
error-document.

--
Mikhail Fursov
_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://nginx.org/mailman/listinfo/nginx-ru

Reply Quote

RSS

Subject	Author	Posted
Single Sign On with Nginx	Mikhail Fursov	February 23, 2010 02:34PM
Re: Single Sign On with Nginx	SaveFrom.net	February 23, 2010 04:50PM
Re: Single Sign On with Nginx	Mikhail Fursov	February 23, 2010 06:32PM
Re: Single Sign On with Nginx	Daniel Podolsky	February 23, 2010 07:20PM
Re: Single Sign On with Nginx	Mikhail Fursov	February 24, 2010 01:50AM
Re: Single Sign On with Nginx	Daniel Podolsky	February 24, 2010 04:32AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 25, 2010 11:34AM
Re: Single Sign On with Nginx	Daniel Podolsky	February 25, 2010 12:36PM
Re: Single Sign On with Nginx	Mikhail Fursov	February 25, 2010 01:50PM
Re: Single Sign On with Nginx	Daniel Podolsky	February 25, 2010 03:38PM
Re: Single Sign On with Nginx	Mikhail Fursov	February 25, 2010 04:42PM
Re: Single Sign On with Nginx	Andrey N. Oktyabrski	February 26, 2010 03:06AM
Re: Single Sign On with Nginx	Sergej Kandyla	February 26, 2010 03:58AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 04:04AM
Re: Single Sign On with Nginx	Sergej Kandyla	February 26, 2010 04:40AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 07:54AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 12:24PM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 12:26PM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 12:30PM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 12:38PM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 02:04AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 03:24AM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 04:38AM
Re: Single Sign On with Nginx	Gena Makhomed	February 26, 2010 06:18AM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 06:46AM
Re: Single Sign On with Nginx	Sergej Kandyla	February 26, 2010 09:32AM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 10:26AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 10:38AM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 10:52AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 11:14AM
Re: Single Sign On with Nginx	Daniel Podolsky	February 26, 2010 11:20AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 11:26AM
Re: Single Sign On with Nginx	Daniel Podolsky	February 26, 2010 12:18PM
Re: Single Sign On with Nginx	Gena Makhomed	February 26, 2010 01:04PM
Re: Single Sign On with Nginx	Alex L. Demidov	February 26, 2010 01:34PM
Re: Single Sign On with Nginx	Gena Makhomed	February 26, 2010 02:26PM
Re: Single Sign On with Nginx	Alex L. Demidov	February 26, 2010 03:04PM
Re: Single Sign On with Nginx	Gena Makhomed	February 26, 2010 03:38PM
Re: Single Sign On with Nginx	Andrey N. Oktyabrski	February 26, 2010 07:18AM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 08:02AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 08:00AM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 08:08AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 09:38AM
Re: Single Sign On with Nginx	Andrew Kopeyko	February 26, 2010 10:36AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 26, 2010 10:44AM
Re: Single Sign On with Nginx	Kirill A. Korinskiy	February 27, 2010 04:46AM
Re: Single Sign On with Nginx	Daniel Podolsky	February 27, 2010 05:20AM
Re: Single Sign On with Nginx	Kirill A. Korinskiy	February 27, 2010 06:54AM
Re: Single Sign On with Nginx	Sergey Averyanov	February 27, 2010 07:16AM
Re: Single Sign On with Nginx	Kirill A. Korinskiy	February 27, 2010 01:22PM
Re: Single Sign On with Nginx	Daniel Podolsky	February 27, 2010 07:34AM
Re: Single Sign On with Nginx	Kirill A. Korinskiy	February 27, 2010 01:20PM
Re: Single Sign On with Nginx	Daniel Podolsky	February 27, 2010 04:42PM
Re: Single Sign On with Nginx	Sergej Kandyla	February 24, 2010 03:20AM
Re: Single Sign On with Nginx	Mikhail Fursov	February 25, 2010 10:52AM
Re: Single Sign On with Nginx	Kirill A. Korinskiy	February 27, 2010 04:46AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 134

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018