<korryd@enterprisedb.com> wrote:

> Say that your application offers a way for each user to set/change
> his own password.
>
> When I (using your application) change my password, you could
> combine my new password with a secret value and then send the
> result to the PG server (so now the PG server thinks that my
> password is my_password+your_secret).

This is a special case of (2,2) secret sharing:

http://en.wikipedia.org/wiki/Secret_sharing

Here the secret is the actual password, a+b, shared into two parts, a and b. The above scheme suffers from the problem that the user now knows quite a lot about the secret. If this is an issue, there are more sophisticated combining schemes that give the user no advantage over someone who knows neither half of the secret.

- John D. Burger
  MITRE
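The difference between the two kinds of combining scheme, as an added example that is not part of the original post: it counts, by exhaustive search over 2-byte secrets, how many secrets remain possible for someone holding one part. XOR sharing is used as one standard (2,2) scheme (the message does not name a specific one), and all function names and sample values are constructed for illustration.

```python
import secrets
from itertools import product


def concat_combine(user_part: bytes, app_part: bytes) -> bytes:
    """Scheme from the quoted message: secret = user password + app secret."""
    return user_part + app_part


def xor_combine(share_a: bytes, share_b: bytes) -> bytes:
    """Recombine two XOR shares of equal length."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must have equal length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def xor_split(secret: bytes) -> tuple:
    """(2,2) XOR sharing: one share is uniform random, the other is
    secret XOR that share. Either share alone is uniformly distributed."""
    share_a = secrets.token_bytes(len(secret))
    return share_a, xor_combine(secret, share_a)


def consistent_secrets(known_part: bytes, scheme: str, secret_len: int = 2) -> int:
    """Count the secrets of secret_len bytes that a holder of known_part
    cannot rule out. Fewer candidates means the part leaks more."""
    count = 0
    for raw in product(range(256), repeat=secret_len):
        candidate = bytes(raw)
        if scheme == "concat":
            # The user's part is a literal prefix of the secret.
            possible = candidate.startswith(known_part)
        else:
            # XOR: some other share always exists that maps to candidate.
            other = xor_combine(candidate, known_part)
            possible = xor_combine(known_part, other) == candidate
        count += possible
    return count


if __name__ == "__main__":
    a, b = xor_split(b"hunter2")  # constructed sample secret
    print("recombined:", xor_combine(a, b))
    print("concat, user holds 1 of 2 bytes:", consistent_secrets(b"p", "concat"))
    print("xor, user holds one full share:", consistent_secrets(b"pw", "xor"))
```

Under concatenation the holder of one byte narrows 65536 candidates to 256; under XOR sharing the holder of a full share still faces all 65536.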