Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Web Authentication

from [Kamran Iqbal] Network Security [Permanent Link]
Subject: RE: Web Authentication
Date: Mon, 31 Jul 2006 17:24:44 +0100 
Hi,

The given below link might help you.

http://sniptools.com/tutorials/windows-apache-and-htaccess-authenticatio
n


Regards,
Kami

-----Original Message-----
From: pimp mastermind [mailto:gbchustla@gmail.com] 
Sent: 31 July 2006 17:16
To: Florian Streck
Cc: security-basics@securityfocus.com
Subject: Re: Web Authentication

Hi there... do you know some software or exploit or whatever which can
make a brute force attack to htaccess? i just want to see how it works
or if there is some web site with more detailed information about this
kind of attack (brute force) ...actually i know how its work when you
try to compromise some work station but i never knew how it works with
htaccess. Thanks all

On 7/27/06, Florian Streck <streck@papafloh.de> wrote:

On Mon, Jul 24, 2006 at 10:54:46AM +0300, Maxim Kostyukov wrote:

What exactly you want to achieve by doing "better web

authentication"?

In you case, what are those weaknesses with htpasswd scheme?


Well the problem with htaccess is that there is no mechanism that
checks for the number of trials or failures.
So you can brute-force your way in.



I am asking because it is almost impossible to answer your question
without additional info.

----- Original Message -----
From: "pimp mastermind" <gbchustla@gmail.com>
To: <security-basics@securityfocus.com>
Sent: Thursday, July 20, 2006 7:36 AM
Subject: Web Authentication



I have Slackware 10.1 runing. I am using it as a router and
fileserver. I use Apache 1.3 for web access. I have some web
directories which i want to secure more strongly than with htpasswd
but i dont know any other ways of authentication. Also a lot of my
scripts in those directories are wirted in PHP Perl and CGI

scripting.

I need to find a better way of authentication? Does any one knows

any

better way of authentication?
Thank you all in advance for your help




You could for example write a script that checks the logfiles for

failed access

attempts and if there are to many restrict the access permissions for
the directories.
Otherwise you have to use scripts that provide the content of the
directories.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEyJFrIXCBARCXXgwRAtD+AKCBShe/vqtLI2nEh08sLJLeKZRPggCcCJx7
0UHI6UBCVP4mo7fNdm479Es=
=/Vzg
-----END PGP SIGNATURE-----





------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---






---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SF new column announcement: E-mail privacy in the workplace, Kelly Martin
Next by Date:  RE: Analysing Windows Syslogs, Jordan.Dallas
Previous by Thread:  Re: Web Authentication, Emilio Casbas
Next by Thread:  Log Management Policy and Procedures, Bob Dienhart
Indexes:  [Date] [Thread] [Top] [All Lists]