Comments (3)
If the UUID, generated once, is random, unique and sufficiently long, why is the code aka password still needed? It only makes sense if it has to be entered every time and cannot be stored, right?
from mycoradar.
Hi @secradar, thank you for this impulse. We intended the code as additional security against a brute-force query, to further secure the status against access by knowing or guessing the UUID. How practicable this approach is would have to be clarified in a test and by observing the UX. I will leave the issue and your impulse open for further development. Thank you very much for the feedback.
from mycoradar.
Which kind of brute-force should be protected against? I can think of at least three:
1. database from server is stolen, attacker uses brute-force to get the real device/app ID
2. attacker pulls/pushes the API brute-forcing the UUID
3. attacker has access to the app (which is only protected by the device's authenticator), and tries to misuse the app with other UUIDs

Brute-forcing 2. and 3. is limited by the bandwidth of the connection, at least that of the server if it is a distributed brute-force; I don't yet see how the additional code makes this attack harder.
from mycoradar.