java - Is using AD credentials entered into form fields as opposed to the browser integrated auth window bad practice? -

-

I'm looking for some feedback about the practice of authenticating an intranet based web app to request users I use the domain \ username and password fields in opposition to using native browser-based challenge windows for integrated certification, for example, ad credentials directly in the form field. In the form-based example, the credential in the Sadiq text is passed to the application and it is essential that the data relies on the integrity of the application to handle it properly. I think this is equivalent to entering my open ID credentials directly into a host app on the Internet.

So my questions are:

  1. Is there any best practice guide on considering a custom web app (mainly Net / Java stack) in Eddie's environment?
  2. Can you think of any legitimate circumstances where it is really necessary?
  3. Is this a legitimate concern or am I just being mad ?!

In a highly secure environment safe focus sequence CTRL- When using ALT-DEL, users are encouraged to enter their credentials only, which is designed so that it can not be intercepted by the application.

So in such an environment, browser challenge window for authentication will also be doubted. Instead you will login locally using the same adi credentials, as you need access to the website, and will be authenticated without being prompted.

I would say that the Eddie credentials form field is very skeptical if credentials can be used to access other sensitive resources even if the app developers are well intentioned, it is a Unnecessary security holes For example, anyone who writes on the web directory can easily change the entry form and capture credentials.


Comments

Post a Comment

Popular posts from this blog

c# - ListView onScroll event -

-
I am programming a simple C # application, and I need a Scallow event on the list view. So I inherited the original ListView class created in ListviewEx witch. I found out how to locate the scroll message from WinAPI and I modified the WndProc method. Now I have this WndProc: protected override zero WndProc (Ref message message) {base.WndProc (Ref I); If (m.msg == WM_VSCROLL) {onScroll (This, New EventArgs ()); }} But the problem is, I do not know how to know about scrolling information. This data should be in wParam, but there is a LOWORD macro ++ like in C in C # and I switch to find the criteria like SB_ below, SB_ENDSCROLL, SB_PAGEUP etc. there any way Need to change the LOWORD macro from C #? Or any other way to find the necessary parameters about scrolling? You can define the WParam constants as the following: Private const int WM_HSCROLL = 0x114; Private Constant WM_VSCROLL = 0x115; Private contact int SBHOZZ = 0; Private Consultant SB_VERT = 1; Private Con...
Read more

PHP - get image from byte array -

-
I am trying to create a back-end for my mobile application. I am sending the content of an image in the body of the HTTP request (output stream) as a byte array, I want to read this stream of bytes in PHP scripts and take back an image. Can anyone tell me how can I do this? Thank you. You can obtain the request body $ body = Reading from file_get_contents ('php: // input'); What you do with that data Depending on you, you can write the data in a file as you mentioned that this is image data, you can drop the data into the object can do. Another option is to use and load the image.
Read more

Linux Terminal Problem with Non-Canonical Terminal I/O app -

-
I have a small app written in C to run on Linux. Part of the app accepts user-input from keyboard , And it uses non-canonical terminal mode so that it can respond to each keystroke. The section of the code that accepts input is a simple task that is called repeatedly in the loop: char get_input () {char C = 0; Int res = reading (input_tamille, & amp; c, 1); If (RSS == 0) 0 returns; If (res == -1) {/ * snip error handling * /} return c; } It reads a letter from the terminal if there is no input within a given time limit, (c_cc [VTIME] value in the vocabulary structure), read () 0 And get_input () is called again It all works very well, I have recently discovered that if you run this app in a terminal window, and then the app Close the terminal window without ending, the app will not exit Received, but CPU intensive launches into an infinite loop, where the read () returns 0 without waiting continued. So how can I get out of the apple if it runs from the terminal win...
Read more