|
Posted by Christian Thies [Ar] on August 17, 2007, 10:43 am
Please log in for more thread options
Steve, you're absolutely right about the risks.
But let me explain a little dipper my situation, my apologies to all for not
doing this from the beginning
I'm building an application that encodes data in an audio stream encoded
with windows media. At the other side, I have developed a decoder, where the
data is decoded. The stream is decoded with windows media.
I'm selling this stream.
The way that this stream is accessed is providing a valid username and
password.
I assign a unique username and password per user of this service.
So, I need to keep an eye in possible steals or not allowed shares of
usernames and passwords. Because of this, I need to make sure that, at
least, no one can log in two or more times simultaneously
Regards, and thanks for your help
Christian
> If you don't mind, I'd like to use your situation here to chat a moment
> about risk. Limiting simultaneous logons is usually considered for these
> reasons:
>
> 1. Alice logs on at workstation A. Alice then logs on at workstation B,
> which sits next to workstation A.
>
> 2. Alice logs on at workstation A. Alice then logs on at workstation B,
> which is in another room. Bob wanders along, sees that someone is logged
> into unoccupied workstation A, and messes around.
>
> 3. Alice logs on at workstation A. Alice shares her ID/password with Bob.
> Bob logs on at workstation B.
>
>
> #1 is not a security risk. #2 and #3 are security risks. Trying to
> prohibit simultaneous logons isn't very practical because there are
> circumstances in which the tracking mechanism might get out of sync.
> Better mitigations are to teach people to log off when not using a
> workstation and not to share IDs/passwords with others--and to back up
> these policies with consequences.
>
> Also, realize that tools like CConnect apply to the user's entire domain
> access, not just to your application. That is, CConnect doesn't have a way
> of preventing Alice from logging on multiple times only for the use of
> your application--it applies to her domain account on the whole.
>
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>> I'm building a product that is accessed with a username and password, and
>> for preventing unauthorized access to it, I need to prevent multiple
>> simultaneous logons with the same username and password
>>
>>
>>
>> Sorry about my English. Let me know if the answer is clear
>>
>>
>>
>> Christian
>>
>>> Why do you need to do this? What security risk do you need to mitigate?
>>>
>>> Steve Riley
>>> steve.riley@microsoft.com
>>> http://blogs.technet.com/steriley
>>>
>>>
>>>> Hi, I have Windows 2003 domain working. I need to allow only one
>>>> network logon per user.
>>>>
>>>>
>>>>
>>>> The example is:
>>>>
>>>>
>>>>
>>>> User: username
>>>>
>>>> Status: Logged
>>>>
>>>>
>>>>
>>>> If user username try to login from a different machine, and he is
>>>> logged in another, the login attempt must be denied
>>>>
>>>>
>>>>
>>>> How can I accomplish this?
>>>>
>>>>
>>>>
>>>> Thanks in advance
>>>>
>>>>
>>>>
>>>>
>>
>>
| 
XML Sitemap