 | | Design>Web Design>Security 14 found. |
#18804
Asking for Usernames and Passwords on the Web 
The Web has moved beyond purely open content available to all. We now want to use it to collect and provide information that we want to restrict in some way – to members, or to staff, or because it is sensitive or personal data. One common method of restricting access is to ask users to enter username and password. Even this simple combination can be a source of annoyance and frustration to users but it does not have to be. This paper compares options for setting up and maintaining usernames and passwords, and also shows how to design a screen so that users are guided easily to the correct choices.
Miller, Sarah and Caroline Jarrett. STC Proceedings (2002). Design>Web Design>Security
#27550
Community Creators, Secure Your Code!
Don’t be like MySpace. Protect your community site from malicious cross-site scripting attacks.
Bivald, Niklas. List Apart, A (2006). Design>Web Design>Security>Ajax
#27676
Community Creators, Secure Your Code! Part II
In part one of this two-part series, we discussed the threat of cross-site scripting in general terms and introduced a number of important security concepts. In part two, we’ll take a more in-depth, hands-on approach: How does an attacker actually exploit the weaknesses found? How can you protect yourself? For reasons of length, we’ll limit our discussion to two specific, representative examples.
Bivald, Niklas. List Apart, A (2006). Design>Web Design>Security>Ajax
#22820
Dishes up the why and how of real-life data encryption, covering PGP and GnuPG, and using PHP and the mcrypt and mhash libraries.
Meloni, Julie. Webmonkey (2000). Design>Web Design>Security>PHP
#28741
The Inaccessibility of CAPTCHA: Alternatives to Visual Turing Tests on the Web
A common method of limiting access to services made available over the Web is visual verification of a bitmapped image. This presents a major problem to users who are blind, have low vision, or have a learning disability such as dyslexia. This document examines a number of potential solutions that allow systems to test for human users while preserving access by users with disabilities.
W3C (2005). Design>Web Design>Accessibility>Security
#23606
Put simply, cookies are 'caller ID for the 'Net.' They store small pieces of text in your browser and can only be retrieved by the site that stored them in the first place. Although many sites use cookies only for user identification, others developing CD or standalone help and courseware recognize the cookie's ability to imitate server behavior by generating dynamic HTML content.
Nelson, Mark. STC Proceedings (2003). Design>Web Design>Security
#21988
Computer security is a give and take situation. You can never be safe so long as you offer services. However, without offering services you may as well not have the computer in the first place. Thus, security becomes more about acceptable risk and emergency recovery than impregnability. It is your job to make sure that the cons of a break have far less impact than the pros of having a web site.
#26333
Mask Your Web Server for Enhanced Security
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version.
Lima, Joe and Thomas Powell. evolt (2005). Articles>Web Design>Security
#28107
Minimal-Feedback Hints for Remembering Passwords
Passwords are a widely used mechanism for user authentication and are thus critical to the security of many systems. Strong passwords (e.g., b5j#Kv!8N) are less vulnerable to attack but at the same time more difficult to remember. Minimal-feedback hints are introduced to support users in remembering their passwords and thereby enabling them to choose stronger passwords.
Hertzum, Morten. uiGarden (2006). Design>Web Design>User Interface>Security
#26334
Password Encryption: Rationale and Java Example 
Most of the web sites today have some sort of a registration module where a user is asked to choose a username/password combination. This data gets stored in the database. You might wonder if the password you provide will be kept well-protected (read encrypted). In case you are the person designing such backend registration component, why not give your users peace of mind by encrypting their passwords?
Shvarts, James. evolt (2005). Articles>Web Design>Security
#21100
Poor password usability can ruin your web registration process. While passwords are a painful fact of life, there are ways to minimize the problems that users face. This article contains suggestions on how to best collect passwords during the registration process, and it will help you determine if you should allow users to save their passwords.
Ledwell, Joshua. WebWord (2001). Design>Web Design>Usability>Security
#26328
PHP Login System with Admin Features
I have written and am presenting here a complete Login System that can be easily integrated into any website.
evolt (2005). Articles>Web Design>Security
#11868
A big lie of computer security is that security improves as password complexity increases. In reality, users simply write down difficult passwords, leaving the system vulnerable. Security is better increased by designing for how people actually behave.
Nielsen, Jakob. Alertbox (2000). Articles>Web Design>Usability>Security
#25500
Smarter Image Hotlinking Prevention
Tthe usual approaches for preventing hotlinking (hijacking) images have a couple of side effects. This system works much better.
Scott, Thomas. List Apart, A (2004). Design>Web Design>Security>Graphic Design
| Copyright © 2001-08 by the EServer. All rights reserved. | Add a Work | Site Preferences | Discussion Forum | Habitués |
