Showing posts from September, 2010

Access Control

Notes for the first module. Try on. Ganbatte Kudasai. Hikaru is light. I am Hikaru. And Hikaru uses Kent. Kendy means candy, but in this case, it is a katana. First!

A. Access Control and Methodology

Access Control Basics:
    Access Control: protection against unauthorized access
    Two entities:
        Subject: active, requests access to an object, e.g. a user, a computer...
        Object: passive, contains data and information, e.g. a computer, data, a file...
    Security principle: CIA: Confidentiality - Integrity - Availability
    3 steps: Identification, Authentication, Authorization -> resource
    Logical access: tools for IAAA (the 3 steps + accountability)
    2-step authentication: present public info, such as a username or user number, then enter private info, such as a password or PIN
    Strong authentication: two-factor authentication
    Identification components: unique, naming schema, nondescriptive user, not shared.

PHP - Simple CMS

Coding. It is a process, a work, in my feeling, very hard. But I regard programming as a Lego game: use many pieces to build one program. Last weekend, I tried to build a CMS using Ajax. It is very simple.

Back-end / Front-end: one object is cms, and it is the center of this CMS. It receives the request, responds, creates HTML, loads the template.... I use HTML text in the Ajax response, like another simple web page, because I don't remember how to use JSON and XML :)). And it is hard on the web server (many web servers don't support XML responses). HTML is simple. I learned to pay attention to many things: don't use the header command to change the header (again, the web server doesn't support it). I used echo and JavaScript to redirect the page. Next, don't use session_is_registered(); it can be duplicated. I use $_SESSION['name'] = $value to replace it. Create a function if you use something more than 2 times, and if it doesn't use SQL to query, it should be outside the main objec

Kerberos & One Time Password

Today I have got some free time and remembered a lesson about "Authentication methods". It is very useful, so I am going to school next week (to be going to, not will :)). OK, in this lesson, I like the one-time password (OTP). The main contents are:

    The server stores the hashed password (hashed some number of times, such as 1000) and the number of hash times (N, in this example 1000) in the database.
    The client requests; the server sends the number N to the client. It is the number of hash times.
    The client receives that number N and hashes the password (N-1) times (in this example 999), then sends it to the server.
    The server receives the password hashed (N-1) times, hashes it one more time, then compares with the database. If it matches, the client is allowed.
    The server replaces the password hashed N times with the password hashed (N-1) times received from the client, and the number of hash times decreases by one (N-1); in this example, 999 replaces 1000.
    If N equals 1, the password is reset.

I found a lot of information about Kerberos: started in Project Athena (I don't know it). Introduced in Windows 2000. Use sy
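The hash-chain OTP exchange described above, written out as an added example (not code from the original post). It assumes SHA-256 as the hash function, which the post does not name, and shows the replay check, the counter decrement, and the reset condition at N = 1.

```python
import hashlib
import secrets


def hash_once(data: bytes) -> bytes:
    # one application of the hash function (SHA-256 is an assumption of this example)
    return hashlib.sha256(data).digest()


def hash_times(password: bytes, times: int) -> bytes:
    # hash^times(password); hash_times(p, 0) is the password itself
    value = password
    for _ in range(times):
        value = hash_once(value)
    return value


class OTPServer:
    # stores only hash^N(password) and the counter N, never the password itself
    def __init__(self, password: bytes, n: int = 1000) -> None:
        self.n = n
        self.stored = hash_times(password, n)

    def challenge(self) -> int:
        # the server sends N; the client must answer with hash^(N-1)(password)
        return self.n

    def verify(self, response: bytes) -> bool:
        if self.n <= 1:
            # chain exhausted: answering N=1 would mean sending the plaintext
            # password, so the password must be reset (re-enrolled) first
            return False
        # hash the response one more time and compare with the stored value;
        # a replayed older response hashes to a different value and is rejected
        if not secrets.compare_digest(hash_once(response), self.stored):
            return False
        # success: the received value replaces the stored one and N decreases
        self.stored = response
        self.n -= 1
        return True


class OTPClient:
    def __init__(self, password: bytes) -> None:
        self.password = password

    def respond(self, n: int) -> bytes:
        return hash_times(self.password, n - 1)


def login(server: OTPServer, client: OTPClient) -> bool:
    # one full exchange: challenge N, response hash^(N-1), verification
    return server.verify(client.respond(server.challenge()))
```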