• darwin (unregistered) in reply to cklam
    cklam:
    ... for e-banking web apps two-factor (or even three-factor authentication) should be implemented (at least) for performing actual transactions.

    One way to do this is one-time-passwords (...TAN...).

    Before, you as an end user could select at your will which TAN ... to use.... Nowadays (presumably because users were ... writing them down .../storing them on PDAs or whatever) the banking app requests you provide a TAN specified by row and column....

    I would be happy if my bank would just start using an https login page, but they insist on having a login form on their home page, which is just delivered over http.

    Regarding the TANs, I don't see how specifying row and column would stop the users from storing them on their PDAs; they would just have to store a list of row+column+TAN. Presumably specifying the row and column is done to force the user to prove they have access to the entire block. Although the more I think about it, I'm not sure of the value of that for security.

  • Fog (unregistered)

    From our code:

    public bool IsUniqueLogin(string username)
    {
        bool isNewUser = true;
        foreach (ProfileEntity user in service.GetAllProfiles())
        {
            if (user.Username == username)
            {
                isNewUser = false;
                break;
            }
        }
        return isNewUser;
    }
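
Added example, not part of Fog's post or the site's code: the same uniqueness check pushed into the database as a bound-parameter lookup, with a UNIQUE constraint as the authoritative guard when two registrations race. It uses Python with an in-memory SQLite table; the `profiles` schema, the case-insensitive collation and the function names are assumptions made for the example.

```python
import sqlite3


def open_store():
    # In-memory database standing in for the profile store (constructed for this example).
    db = sqlite3.connect(":memory:")
    # UNIQUE makes the database the single arbiter of uniqueness.
    # COLLATE NOCASE is a choice made here so "TestUser" and "testuser" collide.
    db.execute(
        "CREATE TABLE profiles ("
        " id INTEGER PRIMARY KEY,"
        " username TEXT NOT NULL COLLATE NOCASE UNIQUE)"
    )
    return db


def is_unique_login(db, username):
    # One indexed lookup with a bound parameter instead of loading every profile.
    # Advisory only: another request can insert the same name right after this returns.
    row = db.execute(
        "SELECT 1 FROM profiles WHERE username = ? LIMIT 1", (username,)
    ).fetchone()
    return row is None


def register(db, username):
    # Authoritative path: attempt the insert and let the UNIQUE constraint decide,
    # which closes the gap between "check" and "create".
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO profiles (username) VALUES (?)", (username,))
        return True
    except sqlite3.IntegrityError:
        return False
```
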

  • Sven Hoek (unregistered) in reply to D

    hmmm .. add a where clause

    "select * from users where username='testuser'"

    and now it passes the test case again. Jolly good !!!

  • (cs) in reply to Donkey
    Donkey:
    Aside from the WTF with the where clause...

    I liked the fact that this.authenticated = false; gets called for every record that doesn't match.

    OMG I didn't even notice that.

Leave a comment on “But It Worked in the Demo”
