Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anatoly2017-03-11 14:39:29
Sessions
Anatoly, 2017-03-11 14:39:29

How is the authorization (web)?

Hello!
I don't fully understand how this happens. You can provide links to literature and articles, if you are interested in various authorization options: classic, by tokens, with a refresh token, etc.
I find articles, but they are in the how to mode, superficially or already for those who have seen the light, but are interested in detail, with a description of the mechanisms.
I worked on the site, found a script that was loaded through the "hole", it received from php.ini the addresses of the session, tmp folders, a bunch of other settings, which I changed. Then a script that merged the database. Of course, this is a blatant hack and no tokens and SMS authorization will save you from it. But, it made me think about the authorization process and its vulnerability.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Shamsudin Serderov, 2017-03-11
@Skit25

Catch!!

Similar questions
S
sugarufc2015-01-09 22:12:31
Sessions in PHP, what's the problem? 4Reply
P
p3trukh1n2019-06-01 17:55:39
Why are sessions not saved? 0Reply
J
JIenpukoH2015-01-18 22:55:33
How to transfer a session to a subdomain? 1Reply
C
cehka2019-08-09 00:26:57
How to log out a person after some time in Django? 1Reply
I
Ivan Demidov2017-03-27 09:34:28
Sharing Yii1 and Yii2? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question