• darwin (unregistered) in reply to cklam
    cklam:
    ... for e-banking web apps two-factor (or even three-factor authentication) should be implemented (at least) for performing actual transactions.

    One way to do this are one-time-passwords (...TAN...).

    Before, you as an end user could select at your will which TAN ... to use.... Nowadays (presumably because users were ... writing them down .../storing them on PDAs or whatever) the banking apps requests you provide a TAN specified by row and column....

    I would be happy if my bank would just start using an https login page, but they insist on having a login form on their home page, which is just delivered over http.

    Regarding the TANs, I don't see how specifying row and column would stop the users from storing them on their PDAs; they would just have to store a list of row+column+TAN. Presumably specifying the row and column is done to force the user to prove they have access to the entire block. Although the more I think about it, I'm not sure of the value of that for security.

  • Fog (unregistered)

    From our code:

    public bool IsUniqueLogin(string username)
    {
        bool isNewUser = true;
        foreach (ProfileEntity user in service.GetAllProfiles())
        {
            if (user.Username == username)
            {
                isNewUser = false;
                break;
            }
        }
        return isNewUser;
    }

  • Sven Hoek (unregistered) in reply to D

    hmmm .. add a whereclause

    "select * from users where username='testuser'"

    and now it passes the test case again. Jolly good !!!
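An added example, not part of the original thread or of either commenter's code base: the username check from Fog's snippet and the where clause from Sven Hoek's comment, done as a parameterized lookup backed by a uniqueness constraint. It is written in Python with the standard-library sqlite3 module so that it runs on its own; the `users` schema, the sample row and every function name are assumptions made for illustration.

```python
import sqlite3

def open_db():
    # In-memory database; schema and sample row are constructed for this example.
    db = sqlite3.connect(":memory:")
    # UNIQUE + NOCASE: the database rejects duplicates, including case variants.
    db.execute(
        "CREATE TABLE users ("
        " username TEXT NOT NULL UNIQUE COLLATE NOCASE,"
        " pw_hash  TEXT NOT NULL)"
    )
    db.execute("INSERT INTO users VALUES (?, ?)", ("testuser", "constructed-hash"))
    return db

def is_unique_login(db, username):
    # One indexed lookup with a bound parameter instead of loading every profile.
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ? LIMIT 1", (username,)
    ).fetchone()
    return row is None

def register(db, username, pw_hash):
    # Check-then-insert can race with a concurrent sign-up, so insert directly
    # and let the UNIQUE constraint decide.
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
                (username, pw_hash),
            )
        return True
    except sqlite3.IntegrityError:
        return False

def find_user(db, username):
    # The bound value is compared as data; it is never parsed as SQL text.
    return db.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchone()

if __name__ == "__main__":
    db = open_db()
    print(is_unique_login(db, "TestUser"))   # existing name, different case
    print(register(db, "newuser", "constructed-hash-2"))
    print(register(db, "NEWUSER", "constructed-hash-3"))
```

`is_unique_login` is only a hint for the sign-up form; the constraint inside `register` is what actually enforces uniqueness.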

  • (cs) in reply to Donkey
    Donkey:
    Aside from the WTF with the where clause...

    I liked the fact that this.authenticated = false; gets called for every record that doesn't match.

    OMG I didn't even notice that.
