darthneo Posted August 12, 2008 Share Posted August 12, 2008 Hello everyone, i was kinda bored so i made a login script that uses a username p/w and a file to log in... i was wondering if you guys could test it out for me just please dont use your real passwords.... http://darthneo.gotdns.com/ --edit And please don't upload anything illegal thanks --edit i think 100mb is messing up the script :( its kind of working ill see if i can host it off my pc... try that one its running off my pc.... Quote Link to comment Share on other sites More sharing options...
silentknight329 Posted August 13, 2008 Share Posted August 13, 2008 works for me cool stuff Quote Link to comment Share on other sites More sharing options...
darthneo Posted August 14, 2008 Author Share Posted August 14, 2008 only one person has tried it :( Does anyone think that this would be a cool thing to use? I mean it would be harder to 'get' into someones account because you would need more then a password -edit Right now i'm trying to get MySQL to work so if the page doesn't load try it again in a few minutes Quote Link to comment Share on other sites More sharing options...
Deveant Posted August 14, 2008 Share Posted August 14, 2008 works fine, but then again it should. Though i don't see a reason for it? most security concerns don't come in at the login prompt, they tend to be more pointed to session handling and XSS. Though if you want to stop key loggers this would work, but then there is an issue of if I'm traveling around i will store the file on a flash drive, what happens if the file corrupts? I'm screwed. Quote Link to comment Share on other sites More sharing options...
darthneo Posted August 14, 2008 Author Share Posted August 14, 2008 guess there is no point to it lol... was just bored yea that would suck if your file got corrupted Quote Link to comment Share on other sites More sharing options...
Forced Request Posted August 15, 2008 Share Posted August 15, 2008 I don't see the sense in a 'security file' upload. It's easy for someone at your computer to get ahold of your file as well. Not to mention allowing _any_ type of file to be uploaded is only asking for trouble. You yourself are asking us to be trusting, when in all reality, some of us aren't. Your idea is legitimate, but I don't think you have thought it through entirely. There are other alternatives such as the common, 'Recover your password', questions. Quote Link to comment Share on other sites More sharing options...
Deveant Posted August 15, 2008 Share Posted August 15, 2008 @Forced Request:i wouldn't be that harsh on the idea. It has potential, and defiantly is a form of security. Though as you mentioned there is the trust issue of allowing people to upload there own files, fix for this, when creating the account, create your own lil file (like under 1kb), and give that to the user as there key. Also don't ever store theses files on the host, i assume with in the script your just checking the Hash? Quote Link to comment Share on other sites More sharing options...
Forced Request Posted August 15, 2008 Share Posted August 15, 2008 Sorry if it seemed a bit harsh, I was tired. Anyways, like I said, the idea has potential and could certainly be used as an authentication factor, if implemented securely. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.