[WEB SECURITY] Password-less login?
glennpierce at gmail.com
Mon Jan 28 16:07:27 EST 2013
Thanks for the good ideas everyone. I have a few things to think about.
When accessing through HTTPS, what will upstream proxies log? Just
the encrypted URL, right?
On 28 January 2013 09:13, Glenn Pierce <glennpierce at gmail.com> wrote:
> Hi, I'd like to have opinions on the security of logging into a website
> with just a uid.
> I have inherited a system that provides a login for tablets which log in in
> this manner.
> (It needs an automated login for the tablets.)
> Obviously the URL is required to be encrypted by always requiring HTTPS.
> We often provide one-time tokens like this when someone has forgotten
> their password.
> But why not allow this to be a permanent login?
> Why is requiring a uid like above worse than a username, password?
> I believe I am missing something stupid as you would see more of this kind
> of thing.
> That makes me nervous.
> Thanks for any feedback.