Sessions
Anatoly, 2017-03-11 14:39:29

How does authorization (web) work?

Hello!
I don't fully understand how this happens. You can provide links to literature and articles, if you are interested in various authorization options: classic, by tokens, with a refresh token, etc.
I find articles, but they are in how-to mode, superficial, or already for those who have seen the light, but I am interested in detail, with a description of the mechanisms.
I worked on the site, found a script that was loaded through the "hole"; it received from php.ini the addresses of the session, tmp folders, a bunch of other settings, which I changed. Then a script that merged the database. Of course, this is a blatant hack and no tokens and SMS authorization will save you from it. But it made me think about the authorization process and its vulnerability.


1 answer(s)
Shamsudin Serderov, 2017-03-11
@Skit25

Catch!!
