Looking for system/device authentication solution for web app

Looking for system/device authentication solution for web app
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Looking for system/device authentication solution for web app bobrich 02-08-2006
Posted by on February 8, 2006, 9:12 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

I'm looking for viable solutions to authenticate the client in a web
application. Think something slightly stronger than required to
prevent the unwashed masses from tampering with a web poll.

Certificates have been ruled out, as have hardware tokens, primarily
for both implementation and deployment costs.

I have found a specific product that seems to fit the bill, but am
looking for similar alternatives:

http://www.sandfordtechnology.com/default.asp?page=PositiveID

It appears to push an ActiveX control down to the client that
essentially 'fingerprints' aspects of the machine, computes a string
from that fingerprint and authenticates the system with a derivative
thereof (hashed/encrypted/etc). I like the fact that it is entirely
software based, the IE requirement isn't a problem in this circumstance
(well, it is, but you know what i mean). I'm actually just concerned
about vendor viability (never heard of these guys, web site is a little
broken, etc) and am looking for options.

Rolling our own is an option, any suggestsions there would be
appreciated as well.

Thanks for any help you can provide!!!

Bob


Posted by Volker Birk on February 8, 2006, 10:49 am
If you were  Registered and logged in, you could reply and use other advanced thread options
bobrich@gmail.com wrote:
> I'm looking for viable solutions to authenticate the client in a web
> application. Think something slightly stronger than required to
> prevent the unwashed masses from tampering with a web poll.
> Certificates have been ruled out, as have hardware tokens, primarily
> for both implementation and deployment costs.

Then passwords are left.

> It appears to push an ActiveX control down to the client

Very bad idea for the owner of the client.

Yours,
VB.
--
> was ist wenn $BACKUPSERVER und $PRODUKTIVSERVER in einem Gebäude, Stockwerk
> oder Serverraum stehen und die Löschanlage (Fehlfunktion oder Brandfall)
> die komplette IT zerstört
Murphy meets Darwin. (Timm Thiemann zu Thomas Wildgruber in d.a.s.r)

Similar ThreadsPosted
Solution for securing VPN/RAS using 2-factor SMS Authentication June 12, 2005, 3:01 am
remote access solution with mobile phone / SMS-based authentication? December 19, 2005, 4:43 am
SSL Server authentication, SSL client authentication, SSL connection and SSL session August 14, 2006, 1:05 pm
WEP authentication, why WEP authentication scheme is flawed and how it can be attacked August 1, 2006, 12:51 pm
Antispam solution. July 16, 2004, 5:48 pm
Solution for antivirus July 21, 2008, 7:30 am
Looking for a new Network Security Solution April 6, 2004, 5:46 am
IS DoS security solution is IPSEC? May 1, 2005, 7:31 am
Looking 4 cheap video surveillance solution March 1, 2006, 12:01 pm
Looking for a Windows/Unix crypting solution ? December 6, 2006, 4:45 am

The site map in XML format XML site map

Contact Us | Privacy Policy