Jump to content

test my login script?


darthneo

Recommended Posts

Hello everyone, i was kinda bored so i made a login script that uses a username p/w and a file to log in...

i was wondering if you guys could test it out for me just please dont use your real passwords....

http://darthneo.gotdns.com/

--edit

And please don't upload anything illegal

thanks

--edit

i think 100mb is messing up the script :( its kind of working ill see if i can host it off my pc...

try that one its running off my pc....

Link to comment
Share on other sites

only one person has tried it :(

Does anyone think that this would be a cool thing to use? I mean it would be harder to 'get' into someones account because you would need more then a password

-edit

Right now i'm trying to get MySQL to work so if the page doesn't load try it again in a few minutes

Link to comment
Share on other sites

works fine, but then again it should. Though i don't see a reason for it? most security concerns don't come in at the login prompt, they tend to be more pointed to session handling and XSS.

Though if you want to stop key loggers this would work, but then there is an issue of if I'm traveling around i will store the file on a flash drive, what happens if the file corrupts? I'm screwed.

Link to comment
Share on other sites

I don't see the sense in a 'security file' upload. It's easy for someone at your computer to get ahold of your file as well. Not to mention allowing _any_ type of file to be uploaded is only asking for trouble. You yourself are asking us to be trusting, when in all reality, some of us aren't.

Your idea is legitimate, but I don't think you have thought it through entirely. There are other alternatives such as the common, 'Recover your password', questions.

Link to comment
Share on other sites

@Forced Request:i wouldn't be that harsh on the idea. It has potential, and defiantly is a form of security.

Though as you mentioned there is the trust issue of allowing people to upload there own files, fix for this, when creating the account, create your own lil file (like under 1kb), and give that to the user as there key. Also don't ever store theses files on the host, i assume with in the script your just checking the Hash?

Link to comment
Share on other sites

Sorry if it seemed a bit harsh, I was tired.

Anyways, like I said, the idea has potential and could certainly be used as an authentication factor, if implemented securely.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...