|
My next little project
Haven for forums with trolls: a Java applet that makes a unique hash based on the user's hardware configuration and sends it to the registration script. Will work in any browser on any computer with the Java plugin.
Partially tested already and only vulnerable to decompiling or completely replacing the applet, but then again nothing you can do there. However the vast majority of trolls won't know how to do either. Fun? :) |
Lol yes but what do you want it for ;)?
- miSt |
It would more firmly establish one registration per machine (obviously IP-based an cookie-based methods are unreliable).
|
That would be cool.
|
Ahh so you could check for dupe users more easily ;)?
|
And it would also ensure that a banning feature based on this uniue hash would be possible, and therefore more likely to result in a permanent ban:)
Satan |
Well it obviously won't work for existing users, but upon registering it'll store the hash with their account, and when a user tries to register, it'll make sure that hash hasn't been registered.
Some parts of Java kick ass, others suck [random derrogatory term]... |
Luckily for me none of my existing users are evil doers;)
Satan |
Quote:
If we had an option like this, we'd have to think of a way to route existing members through the process, too. But how? Maybe "invent" a one-time reauthentication requirement.... as part of a security upgrade? Make it like a patch with a pop up they click on next time they visit the site? Or couple the applet with some other (unrelated) hack, that sorta re-registers them.... but seems plausible? Any ideas on this? |
What happens to people with Java disabled?
MRJ (Mac OS Runtime for Java) is buggy :confused: |
People without Java are screwed. I agree it's not a very good method, but I wouldn't have to code it in the first place given a perfect world.
I may end up selling it. Right now I'm stuck on the part where it sends the data to the server (Java overcomplicates so many things it's not even funny). |
1 Attachment(s)
Yay:
|
Hehe, that'd be neat. :)
|
What about someone with 2 computers or maybe a home computer and a laptop when they travel? And with this, they couldn't login from somewhere else, could they?
|
From my understanding, the ID I'm generating is a hashcode describing the user's network setup. Now hopefully that means hardware setup and not software (i.e., not IP).
Yes, you can easily get around it by using another computer, but there are only so many computers the troll can get his/her hands on ;) |
Perhaps an ability to have multiple computers when a solution for existing users is found;)
Satan |
mmmmm....this looks reallly really cool...and i vote you dont sell it and release it on vb.org....:D...:p
|
I might release a lite version here and a for-sale version with stronger security (client/server-side checksumming to make it nearly impenitrible). Maybe I should finish coding it, though :p
|
Yeh;)
I'd be willing to invest in it:) You know me - Security mad:p Satan |
Very nice idea filburt1 - you'll be writing stuff for TCPA next :p.
|
Release it for free turtle.. you know you want to :p
- miSt |
Quote:
|
Please don't charge people for this one. This sounds like an important hack; it's not some optional bit of fluff people can pass on if they're not able to pay you something.
A lot of people really need help with security problems. Thanks. |
As I said, I haven't decided...no need to assume I won't release it for free (or then again, at all :p).
|
Yes... we know. We're just trying to help you decide! ;)
|
Quote:
Release it for $10 and watch the money flow :) |
| All times are GMT. The time now is 04:46 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|