3 events

when | format | what | by | license | comment
Apr 17, 2014 at 9:54 | | comment added | sellarafaeli | | I'm OP. Appreciate the response very much; added details in a comment to the question. Am not saying it would be easy to cover all issues, am wondering whether using an existing library (say, passport.js for an Express.js server) is better than rolling my own. I guess my main thought is: security issues will have to be verified anyway; will it be much easier with a 3rd-party lib than by rolling my own?
Apr 16, 2014 at 20:07 | | comment added | dr jimbob | | +1 "@jimbob gives you a few (and the list is not exhaustive at all)" -- Said list was not intended to be exhaustive. Started by just describing the obvious CSRF vulnerability in the described part and then felt like adding a few other common things that popped to mind just in regard to authentication (ignoring things like XSS, LFI), as well as user access control, restricting access, secure generation of random tokens, weak or reused passwords, don't log passwords in plaintext in server logs, etc.
Apr 16, 2014 at 19:24 | history | answered | Thomas Pornin | CC BY-SA 3.0 |