Discussion on myAuth - Powerful Auth tools w/ encrypted Cookies

AlternaNetworks

AlternaNetworks supports this item


12 comments found.

Amazing work, no doubt this will prove useful for all those considering user security, which should be everyone!

Hi iamthwee,
Thank you for your kind words :)

  1. Steal Cookies & User Agent
  2. Set Stolen Cookies and User Agent on Domain

User agents are not to be trusted. You can fake it. Update it to check for the IP instead of the User Agent, it’s a hell of a lot harder to fake someone else’s authentication that way.

Apart from that, it’s looking pretty neat, I can see a lot of uses for this.

myAuth uses encrypted cookies to auth users; the encrypted cookie also has all relevant data from the authenticated user. You can try any example and edit the cookies, and you will be deauthorized immediately :)

I don’t need to know the cookies’ information to login as you. The authentication has already taken place and the cookies are unique so will always be the same. Doesn’t matter how many algorithms you throw at it. As long as you don’t change the algorithms, the output will always be the same.

A+B+C will still be A+B+C

I am just trying to point out that if I had your admin cookies and user agent, I will be able to login as you. And after I’ve done that I can supposedly access private information anyway, since this is the whole point of Authentication right?

The data inside the cookie has relevant data from the original creator; if the cookie is never re-created on the server side you never get access, even if you copy it.

How possible is it to implement prevention of double login, so only one person is allowed to login from only one machine? Thanks
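The cookie-copy debate and the double-login question above, as an added PHP example that is not part of the thread and is not myAuth code (it does not show how myAuth behaves): a cookie accepted purely on its contents validates identically wherever it is presented, while a cookie tied to a server-side session record stops working once a newer login or a logout replaces that record. The key, the cookie layout, the HMAC seal (standing in for encryption, whose format the thread does not show) and the `SessionStore` class are all assumptions made for the illustration.

```php
<?php
// Added illustration, not myAuth code. Key, cookie layout and class are hypothetical.
const COOKIE_KEY = 'constructed-demo-key';

function seal(string $body): string {
    return $body . '.' . hash_hmac('sha256', $body, COOKIE_KEY);
}

// Returns the sealed body if the MAC verifies, otherwise null.
function unseal(string $cookie): ?string {
    $pos = strrpos($cookie, '.');
    if ($pos === false) return null;
    $body = substr($cookie, 0, $pos);
    return hash_equals(seal($body), $cookie) ? $body : null;
}

// Stateless check: anything that unseals is accepted, wherever it is sent from.
function checkStateless(string $cookie): ?string {
    $body = unseal($cookie);
    return $body === null ? null : base64_decode($body);
}

// Stateful check: the cookie must also name the session the server currently holds.
final class SessionStore {
    private array $active = [];               // user => current session id
    public function login(string $user): string {
        $sid = bin2hex(random_bytes(16));
        $this->active[$user] = $sid;          // a new login replaces the old session
        return seal(base64_encode($user) . '.' . $sid);
    }
    public function logout(string $user): void { unset($this->active[$user]); }
    public function check(string $cookie): ?string {
        $body = unseal($cookie);
        if ($body === null) return null;
        [$user64, $sid] = explode('.', $body, 2) + [1 => ''];
        $user = base64_decode($user64);
        $current = $this->active[$user] ?? null;
        return ($current !== null && hash_equals($current, $sid)) ? $user : null;
    }
}

$copy = seal(base64_encode('admin'));          // constructed cookie, copied unmodified
$store = new SessionStore();
$first = $store->login('admin');
$second = $store->login('admin');              // same account, second browser
var_dump(checkStateless($copy), checkStateless($copy . 'x'));  // the copy, then an edited copy
var_dump($store->check($first), $store->check($second));       // older login, then newer login
$store->logout('admin');
var_dump($store->check($second));                              // newest cookie after logout
```

In a real deployment the `$active` array would be a database table or PHP session storage, and the session id would also be rotated at login and on privilege change.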

Hi, saw your email :)

Checking out your script and I noticed that, with the encrypted image, once I deauthorized it, went to another section of your demosite, and clicked the back button on my browser, it showed me the image again. I don’t think it should do that, right?

Hi, I’m watching the demo for something misspelled but everything works fine. Can you explain better so I can try to replicate it? :)

Does this script provide brute-force attack protection? By that I mean a user gets banned for a specific time when entering incorrect data too often.

For brute-force attack protection it’s better to ban the IP for a specific time than storing cookies. (It’s easy to delete cookies after you get banned)

You can handle this with PHP SESSIONS

I could really use an authentication class as easy as this one right now.

I have seen most of it before, but I want to see the Documentation again before purchase so I know what I can do with it. But both the demo and the Documentation are down.

Sorry for the trouble, we’re working on it

Hi, I am looking to purchase this. Will I be able to use this to make a link or page on my website only accessible by a user 1 time? I want to have a file that is only a 1 time download and if they need it again they would have to ask me for a new username and password. Thanks!

You can construct it with the library, but it needs more custom code.

Hi,

I hope you can help with my current dilemma.

I can successfully create a login with myAuth that uses an ajax process page, that then redirects to a good landing page. However, I then have numerous pages that should then be accessible to only logged-in users. At the moment they are all being redirected to the index.php (good landing page) constantly.

Any ideas how I can make the auth valid on these pages and only redirect if not logged in?

Thanks.

Send me an email, I will help you.

I can use this script in my site, is there documentation that I can look at?

Sure, let me upload the demo and documentation. (server migration ;))

Hello, any progress on the documentation?

Demos and documentation are up and running :)

I use unbounce.com landing pages and have them in several different areas of my website. I would like to set up the flow so that once a user fills out any one of the landing pages, they then have full access to the site where all the other landing pages would not show. Is this possible with this script?

Thanks

This is my third attempt for support. Is this a dead project?

Sorry, the mail server was down for a long time. I’m changing DNS and you must be able to contact me in the afternoon.

Ok – please email me when you are available. I need support.
