By: Kurt Seifried, [email protected], Copyright Kurt Seifried, 2001
Version 1.31 (September 2 2001)
3.1 Something you know
3.1.1 Username and password
3.2 Something you have
3.2.1 X.509 certificates on the client machine
3.2.2 X.509 certificates on smartcards
3.2.3 Challenge response token
3.3 Something you are
3.3.1 Fingerprint scanners
3.3.2 Retinal scanners
4.0 Authentication information storage and retrieval
4.1 Local methods
4.1.1 System username/password database
4.1.2 WWW server username/password database
4.2 Network based methods
4.2.1 NIS/NIS+ server
4.2.2 SMB server
4.2.3 LDAP server
4.2.4 Certificate authority server
4.2.5 Network database server
4.2.6 RADIUS
4.2.7 TACACS/TACACS+
4.2.8 Novell
4.2.8.1 NDS eDirectory, formerly Corporate Edition
4.2.8.2 NDS Authentication Services
4.2.8.3 Novell iChain
4.2.9 ADS
4.2.10 DCE
4.2.11 WebSEAL
4.2.12 Kerberos
4.3 Others
5.1 Cookies
5.1.1 Stored cookies
5.1.2 Session cookies
5.2 X.509 certificates
5.3 HTTP header based authentication (HTTP auth)
5.4 Unique URLs
5.4.1 Appending data to the URL
5.4.2 DNS names
5.5 HTTP_REFERER
5.6 Hidden form fields and other HTML code
6.0 Logging out stale sessions
6.1 Cookies
6.2 Unique URLs
6.3 Hidden form fields and other HTML code
7.1 Microsoft
7.1.1 Microsoft Internet Explorer 4.x
7.1.2 Microsoft Internet Explorer 5.x, 6.x
7.2 Netscape
7.2.1 Netscape Navigator / Communicator 4.x
7.2.2 Netscape Navigator / Communicator 6.x
7.3 Mozilla
7.3.1 Mozilla 0.9x
7.4 Opera
7.4.1 Opera 3.60
8.0 Some notes on WWW servers and WWW proxy servers
8.1 Apache based
8.1.1 Apache-SSL
8.1.2 Apache mod-ssl
8.1.3 Raven
8.1.4 Red Hat Secure Server
8.1.5 Stronghold
8.2 Netscape
8.2.1 Netscape Enterprise
8.3 Roxen
8.4 Zeus
8.5 Novell
8.5.1 Novell BorderManager
8.5.2 Novell ICS
8.6 IBM Websphere
8.7 Volera
8.8 Squid
8.9 Achilles
9.0 Securing files and directories with various WWW servers
9.1 Apache based
9.1.1 Apache-SSL
9.1.2 Apache mod-ssl
9.1.3 Raven
9.1.4 Red Hat Secure Server
9.1.5 Stronghold
9.2 Netscape
9.2.1 Netscape Enterprise
9.3 Roxen
9.4 Zeus
9.5 Novell
9.6 IBM Websphere
9.7 Volera
9.8 Squid
10.0 Some notes on CGI programming languages
10.1 Perl
10.2 PHP
10.3 ASP
10.4 Python
11.0 Some notes on Client side languages
11.1 Java
11.1.1 Hushmail
11.1.2 Guardbot
11.2 ActiveX
11.2.1 InnerDynamics
13.0 Other authentication and encryption protocols
13.1 AKE
13.1.1 SRP
13.2 SPEKE
13.3 SNAKE
13.4 PDM
14.0 Security for the authentication backend
14.1 Basic security considerations
14.2 Exporting authentication information
14.2.1 Databases
14.2.2 Windows 2000
14.3 SQL insertion attacks
14.4 Preventing brute forcing