Dos and Don'ts of Client Authentication on the Web

@inproceedings{citeulike:875716, abstract = {Client authentication has been a continuous source of problems on the Web. Although many well-studied techniques exist for authentication, Web sites continue to use extremely weak authentication schemes, especially in non-enterprise environments such as store fronts. These weaknesses often result from careless use of authenticators within Web cookies. Of the twenty-seven sites we investigated, we weakened the client authentication on two systems, gained unauthorized access on eight, and...}, author = {Fu, Kevin and Sit, Emil and Smith, Kendra and Feamster, Nick }, booktitle = {Proceedings of the 10th USENIX Security Symposium}, citeulike-article-id = {875716}, keywords = {authentication, cookies, security, www}, month = {August}, posted-at = {2006-09-27 16:03:29}, priority = {2}, title = {Dos and Don'ts of Client Authentication on the Web}, url = {http://citeseer.ist.psu.edu/fu01dos.html}, year = {2001} }

TY - CONF ID - citeulike:875716 L3 - citeulike-article-id:875716 TI - Dos and Don'ts of Client Authentication on the Web T2 - Proceedings of the 10th USENIX Security Symposium N2 - Client authentication has been a continuous source of problems on the Web. Although many well-studied techniques exist for authentication, Web sites continue to use extremely weak authentication schemes, especially in non-enterprise environments such as store fronts. These weaknesses often result from careless use of authenticators within Web cookies. Of the twenty-seven sites we investigated, we weakened the client authentication on two systems, gained unauthorized access on eight, and... KW - authentication KW - cookies KW - security KW - www AU - Fu, Kevin AU - Sit, Emil AU - Smith, Kendra AU - Feamster, Nick PY - 2001/August// UR - http://citeseer.ist.psu.edu/fu01dos.html ER -