tailieunhanh - Advanced PHP Programming- P8
Reference material 'Advanced PHP Programming - P8' (information technology, programming techniques) for study, research and effective work.

328 Chapter 13 User Authentication and Session Security

Ironically, a tuned system makes dictionary attacks even easier for the cracker. At a previous job I was astounded to discover a cracker executing a dictionary attack at more than 100 attempts per second. At that rate he could attempt an entire 50,000-word dictionary in under 10 minutes.

There are two solutions to protecting against password attacks, although neither is terribly effective:

- Create good passwords.
- Limit the effectiveness of dictionary attacks.

What is a good password? A good password is one that cannot be guessed easily by using automated techniques. A good password generator might look like this:

    function random_password($length = 8)
    {
        $str = '';
        for ($i = 0; $i < $length; $i++) {
            // rand() is not a cryptographic generator; see the caveat below
            $str .= chr(rand(48, 122));   // ASCII '0' .. 'z'
        }
        return $str;
    }

This generates passwords that consist of random printable ASCII characters (codes 48 through 122: the digits, both letter cases and the punctuation between them). They are also very difficult to remember. This is the key problem with truly random password generators: people hate the passwords they generate. The more difficult a password is to remember, the more likely a person is to put it on a sticky note on his or her monitor, or in a text file or an email message. (A caveat for current PHP: rand() is not a cryptographically secure generator, so a password generator should use random_int(), available since PHP 7.0, instead.)

A common approach to this problem is to put the burden of good password generation on the user and enforce it with simple rules. You can allow the user to select his or her own password but require that password to pass certain tests. The following is a simple password validator for this scenario:

    function good_password($password)
    {
        if (strlen($password) < 8) {
            return 0;
        }
        if (!preg_match('/\d/', $password)) {       // at least one digit
            return 0;
        }
        if (!preg_match('/[a-z]/i', $password)) {   // at least one letter
            return 0;
        }
        return 1;
    }

This function requires a password to be at least eight characters long and to contain both letters and numbers.
Registering Users 329

A more robust function might check to ensure that, when the numeric characters are removed, what is left is not a single dictionary word, or that the user's name or address is not contained in the password. This approach to the problem is one of the key tenets of consulting work.
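The following is an added example, not code from the book, covering both passages above: a generator that replaces rand() with random_int() (PHP's CSPRNG), and a validator that extends good_password() with the two checks just suggested (digits stripped and the remainder compared to a word list; the user's name and address must not appear in the password). It assumes PHP 7.1 or later; the word list, the user record and the candidate passwords are constructed for the example, and a real site would load a full dictionary or a breached-password list instead.

```php
<?php
// Added example, not the book's code: CSPRNG-based generator plus a
// validator with the extra checks the text suggests. Requires PHP >= 7.1.
// SAMPLE_DICTIONARY and $user below are constructed for the example.

// Printable ASCII alphabet without look-alikes (l/1, I/O/0), so a password
// that does end up on a sticky note can at least be read back correctly.
const PW_CLASSES = [
    'abcdefghijkmnopqrstuvwxyz',
    'ABCDEFGHJKLMNPQRSTUVWXYZ',
    '23456789',
    '!#$%&*+-=?@^_',
];

/** Uniform, cryptographically secure pick of one character from $alphabet. */
function secure_pick(string $alphabet): string
{
    return $alphabet[random_int(0, strlen($alphabet) - 1)];
}

/**
 * Replacement for random_password(): random_int() instead of rand(), one
 * character guaranteed from each class, and a shuffle that is also driven by
 * random_int() (shuffle() uses the non-cryptographic generator).
 */
function secure_random_password(int $length = 12): string
{
    if ($length < 8) {
        throw new InvalidArgumentException('length must be >= 8');
    }
    $chars = array_map('secure_pick', PW_CLASSES);          // one per class
    $all   = implode('', PW_CLASSES);
    while (count($chars) < $length) {                       // fill the rest
        $chars[] = secure_pick($all);
    }
    for ($i = count($chars) - 1; $i > 0; $i--) {            // Fisher-Yates
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

/** Constructed sample word list (lower-case) standing in for a dictionary. */
const SAMPLE_DICTIONARY = ['password', 'welcome', 'letmein', 'dragon', 'monkey'];

/**
 * Extends good_password(): returns the reasons a password is weak (an empty
 * array means it passed). $user maps field names to values that must not
 * appear in the password (name, address, ...).
 */
function password_problems(string $password, array $user = [],
                           array $dictionary = SAMPLE_DICTIONARY): array
{
    $problems = [];
    if (strlen($password) < 8) {
        $problems[] = 'shorter than 8 characters';
    }
    if (!preg_match('/\d/', $password)) {
        $problems[] = 'no digit';
    }
    if (!preg_match('/[a-z]/i', $password)) {
        $problems[] = 'no letter';
    }
    // "dragon99" -> "dragon": strip digits, compare the rest to the word list
    $stripped = strtolower(preg_replace('/\d+/', '', $password));
    if (in_array($stripped, $dictionary, true)) {
        $problems[] = "dictionary word '$stripped' plus digits";
    }
    // Any token of 3+ characters from the user's record, case-insensitively
    foreach ($user as $field => $value) {
        foreach (preg_split('/\s+/', (string) $value) as $token) {
            if (strlen($token) >= 3 && stripos($password, $token) !== false) {
                $problems[] = "contains $field token '$token'";
            }
        }
    }
    return $problems;
}

// Usage with constructed inputs: the generated password passes, the weak
// user choices are rejected with the reason(s) listed.
$user = ['name' => 'Alice Example', 'address' => '42 Main Street'];
$candidates = [secure_random_password(), 'dragon99', 'Alice2024x', 'short1', 'Tr0ub4dor&3'];
foreach ($candidates as $candidate) {
    $problems = password_problems($candidate, $user);
    printf("%-14s %s\n", $candidate,
        $problems ? 'REJECT: ' . implode('; ', $problems) : 'OK');
}
```

Returning the list of reasons rather than 0/1 lets the registration form tell the user which rule failed, which matters because the whole point of the rule-based approach is that the user, not the system, picks the password.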