- Jun 6, 2020
- 11,559
- 4,422
This isn't a complete project - just a part of one, but I thought it worth sharing, both because it might inspire others and people might spot a security flaw I've missed.
Background: the site I run is a social network, and we also have apps built in B4X, which talk to the system via an API built around JSON data posted to an endpoint encrypted using TLS. I often have problems with users who've forgotten passwords - especially if they tend to use the app. When the app is set up, it asks for permission to use your account, and once that's done, it doesn't ask for anything more (a bit like OAuth, but less convoluted). You can, if you want, tell the app to request a PIN or biometric ID when it starts.
So, since people tend to carry their phones, on which they can easily authorise themselves in a number of ways, and forget passwords, I wanted to find a way people could sign in to the site without a password, while still maintaining security. This is the result.
The user goes to the...