how can you verify that the site you get is not a fake?
Andy Green
andy at warmcat.com
Tue Jun 7 07:18:53 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andy Pieters wrote:
|>Here's an idea... you expect the site to challenge YOU for your password
|>before giving you access, right? Well keep that, but register a second
|>password with the site when you join it, and the site has to show it to
|>you over https before you will believe it is the site that you
|>originally joined ;-)
| Say... this system isn't pattented is it? I am thinking of
incorporating it
| in my products.
Not to my knowledge... and it's public domain now ;-) Further thought:
you can stick the word or picture ((c) Matthew Miller) on the login page
so it doesn't get in the way at all. The word/picture HTML needs to
come with a script to "break out of frames" or somehow violently object
to the user if it is in an IFRAME, and ideally check the referrer URL.
- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFCpUpdjKeDCxMJCTIRAvlHAKCD1DFdx4UiRLweONWDkiqIKWhgDgCfV6Bx
6seRsX9/ckQYZNAbwgYCGFY=
=p+aQ
-----END PGP SIGNATURE-----
More information about the users
mailing list