Showing posts from September, 2010

Access Control

Note for first Module. Try on. Ganbatte Kudasai. Hikaru is light. I am Hikaru. And Hikaru use Kent. Kendy mean is candy, but this case, it is katana.
A.    Access Control and Methodology
Access Control Basic:
    Access Control:
        Bảo vệ khỏi những truy cập trái phép (unauthorize access)
        Two entities:
        Subject: active request access to object, like user, computer...
        Object: passive    contain data and information, such as computer, data, file...
        Security Principle: CIA: Confidentiality - Integrity - Availablity
        3 steps: Indentification, Authentication, Authorization        -> resource
        Logical Access: tools for IAAA ( 3 steps + acountablity)
        2 steps Authenication: use public infor, like username, user number, and enter private info, such as password, PIN
        Strong Authentication: two factor authentication
        Indentification compoments: unique, naming schema, nondescriptive user, not share.

PHP - Simple CMS

Coding. It is process, a work, in my feeling, very hard. But i regard porgramming as lego-games. Use many piece to bulit one program.
Last week-end, i try to build CMS using Ajax. It is very simple.:
One object is cms, it is center of this CMS. It  received request, respone, create html, load template....
I use html text in ajax response, like simple another web, because, i don`t remember using JSON and XML :)). And it is hardly to web server ( many webserver doesn`t support XML response). HTML is simple.
I learned many attention: don`t use header command to change header ( again, web server doesn`t support). I used echo and javascript to redirect page.
Next, don`t use session_is_registered(0, it can be duplecated. I use $_SESSION['name'] = $value to replace it.
Create function if you use more than 2 times, and if it don`t use sql to query, it should out of main object. Only Object can…

Kerberos & One Time Password

Today, i have got free time, remember a lesson about "Authenication methods". It is very usefull, so, i am going to school this next-week ( to be going to, not will :)).

Ok, in this lessson, i like on time password (OTP). Main contents is:
server store hash password (such as 1000 time) and number of hash times (N, in this example is 1000) in database
client request, server send number N to client, it is number of hash time.
client recevied that number N, performe hash (N-1) times password ( in this example is 999). Send it to server
server recevied hash (N-1) times of password, server hash one time, then compare with database, it true, client allowed.
server replace hash (N) times of password by hash (N-1) times of password from client, and number of hash times decrease one time ( N-1), in this example, 999 replace 1000.
If N equal 1, password reset.

I find many infomations about Kerberos:
Started in project Athena ( i don`t know)
Introduce in Windows 2000
Use symmetric key…