Re: Basic authentication against automated attacks
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Feb 2006 15:18:30 +1100
"Bulent" <bulent@xxxxxxxxxxxxxx> wrote in message
news:1141099831.090526.260730@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: Ken,
:
: Thank you for your quick response.
:
: I assume that a much greater number of components would be involved
: "after" the authentication process. If this assumption is correct, is
: it fair to say that basic authentication (with SSL) would minimise the
: risk of such attacks (buffer overflow) being successful.
Yes. Anything that prevents the payload from getting to the vulnerable
component would help.
So, requiring SSL would stop any attack that only operated over HTTP
Using Host-Headers would stop any attack that didn't supply a Host: HTTP
header
Using Basic Auth (or any Auth) would stop attacks that couldn't supply a
username/password
All of this does assume that the affected component is after the barrier.
Mostly this will stop automated attacks - manual attacks are a different
matter (but generally manual attacks would be directed against valuable
servers, not a server you might have sitting at home running your personal
website).
Cheers
Ken
.
- Follow-Ups:
- Re: Basic authentication against automated attacks
- From: Bulent
- Re: Basic authentication against automated attacks
- References:
- Basic authentication against automated attacks
- From: Bulent
- Re: Basic authentication against automated attacks
- From: Ken Schaefer
- Re: Basic authentication against automated attacks
- From: Bulent
- Basic authentication against automated attacks
- Prev by Date: Re: Basic authentication against automated attacks
- Next by Date: Re: IE prompts for a password when using anonymous authentication
- Previous by thread: Re: Basic authentication against automated attacks
- Next by thread: Re: Basic authentication against automated attacks
- Index(es):
Relevant Pages
|
