how can you verify that the site you get is not a fake?

Andy Green andy at warmcat.com
Tue Jun 7 07:18:53 UTC 2005


Andy Pieters wrote:

|>Here's an idea... you expect the site to challenge YOU for your password
|>before giving you access, right?  Well keep that, but register a second
|>password with the site when you join it, and the site has to show it to
|>you over https before you will believe it is the site that you
|>originally joined ;-)

| Say... this system isn't patented is it?  I am thinking of incorporating it
| in my products.

Not to my knowledge... and it's public domain now ;-)  Further thought:
you can stick the word or picture ((c) Matthew Miller) on the login page
so it doesn't get in the way at all.  The word/picture HTML needs to
come with a script to "break out of frames" or somehow violently object
to the user if it is in an IFRAME, and ideally check the referrer URL.

- -Andy
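
The frame and referrer checks suggested in the message above, sketched as an added example that is not part of the original post. The origin `https://www.example.com`, the element id `site-word` and the function names are assumptions made for illustration, as is the choice to accept an empty referrer.

```javascript
// Added example, not code from the original post.
// Assumptions: the site's origin and the element id "site-word" are hypothetical.
const ALLOWED_REFERRER_ORIGINS = ["https://www.example.com"];

// Returns the reasons NOT to show the registered word; an empty array means show it.
function revealProblems(win) {
  const problems = [];
  // A top-level document is its own top window. Any error while comparing
  // is treated as "framed" so the check fails closed.
  let framed = true;
  try { framed = win.self !== win.top; } catch (e) { /* keep framed = true */ }
  if (framed) problems.push("framed");

  // The post asks for the word to be shown over https only.
  if (win.location.protocol !== "https:") problems.push("not-https");

  // Referrer check: compare the parsed origin, never a string prefix, so that
  // "https://www.example.com.other.test/" does not pass. An empty referrer
  // (bookmark, typed URL) is accepted here; that is a policy choice.
  const ref = win.document.referrer;
  if (ref) {
    let origin = null;
    try { origin = new URL(ref).origin; } catch (e) { /* unparsable: stays null */ }
    if (!ALLOWED_REFERRER_ORIGINS.includes(origin)) problems.push("bad-referrer");
  }
  return problems;
}

// The element is assumed to carry the `hidden` attribute in the HTML, so the
// word stays invisible unless every check passes.
function guardSiteWord(win) {
  const problems = revealProblems(win);
  const el = win.document.getElementById("site-word");
  if (problems.length === 0) {
    el.hidden = false;
  } else {
    el.textContent = ""; // remove the word from the DOM before anything else
    if (problems.includes("framed")) {
      try { win.top.location = win.self.location.href; } catch (e) { /* navigation blocked */ }
    }
  }
  return problems;
}

if (typeof window !== "undefined") guardSiteWord(window);
```

A script check like this only runs when the embedding page lets scripts run in the frame. The `X-Frame-Options` and CSP `frame-ancestors` response headers make the browser itself refuse to render the page in a frame.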




More information about the fedora-list mailing list