Suitable tokens for autologin?
#3

(This post was last modified: 07-27-2016, 03:51 AM by CallHimX.)

In the end, nothing is secure enough to prevent all attacks, if an attacker exists.
If you log your user in with a "Remember-Token", the token should be completely random (obviously 100% unique), with nothing related to the user.
So a possible attacker has to try thousands of random tokens by trial and error to get access to an account, which is nearly impossible.

But in case the attacker has access to the machine of your user, in any way you want, a Trojan maybe, he can read out the cookie data
and no master-unhackable-super-token can prevent the attacker from getting into this account.
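An added example, not code from this thread or its posters: a remember-me token that is fully random and carries nothing about the user, as the post above recommends. It goes beyond the post by storing only a hash of the secret part and replacing the token on every use; the in-memory `STORE` dict (standing in for a database table), the 30-day lifetime and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

# In-memory stand-in for a database table (assumption for this example):
# selector -> (sha256 of validator, user_id, expiry timestamp)
STORE = {}
LIFETIME = 30 * 24 * 3600  # 30 days, an arbitrary choice


def digest(validator):
    """Hash the secret half so a leaked table does not yield usable cookies."""
    return hashlib.sha256(validator.encode()).hexdigest()


def issue_token(user_id, now=None):
    """Create a remember-me cookie value that contains no user data."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(12)   # lookup key, not secret
    validator = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    STORE[selector] = (digest(validator), user_id, now + LIFETIME)
    return selector + ":" + validator


def redeem_token(cookie, now=None):
    """Return (user_id, replacement cookie), or (None, None) on failure."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie.partition(":")
    # pop() makes every token single use, whether or not the check passes.
    record = STORE.pop(selector, None) if sep else None
    if record is None:
        return None, None
    stored_digest, user_id, expires = record
    # Constant-time comparison of the two hex digests.
    if now > expires or not hmac.compare_digest(stored_digest, digest(validator)):
        return None, None
    # Rotate: the caller sets the new value as the cookie.
    return user_id, issue_token(user_id, now)
```

Rotation does not stop a cookie copied from the user's machine from being used, which is the limit the post describes; it only means a copied value stops working once either party has redeemed it.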




