Posts Tagged ‘Security’

Sensible Security for Passwords or PINs

Sunday, March 16th, 2008

There are lots of times when you need to build some sort of login system that takes a password or a PIN and tries to log in to a server with it. It might be obvious to some people, but it is a simple mistake to make: the client shouldn’t ask the server application what the correct PIN/password is and then compare it locally; it should instead send the PIN/password to the server and ask whether it is correct.

A good example of this is a cash machine. If someone hacks into a cash machine network, they shouldn’t be able to ask the system for the PIN of a specific card. Instead, in order to authenticate, the cash machine should send the card number and PIN and ask whether they match; the only answer it ever receives is yes or no.
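The two designs side by side, as an added example that is not part of the original post: the insecure server answers "what is the PIN for this card?", so a compromised client can read the secret, while the hardened server stores only salted PBKDF2 hashes, answers match/no-match, and locks the card after a few wrong guesses. The class and function names, the iteration count and the lockout threshold are the example's own choices, and the card number used in testing is a constructed value.

```python
import hashlib
import hmac
import os


class InsecurePinServer:
    """Anti-pattern from the post: the server hands out the stored PIN."""
    def __init__(self, pins):
        self._pins = dict(pins)  # card number -> plaintext PIN

    def get_pin(self, card):
        return self._pins[card]  # anyone who can reach the server learns the PIN


def insecure_client_login(server, card, pin):
    # The comparison happens on the client, using a secret fetched from the server.
    return server.get_pin(card) == pin


class HardenedPinServer:
    """Stores only salted PBKDF2 hashes and answers match / no-match."""
    def __init__(self, pins, max_attempts=3):
        self._records = {}   # card number -> (salt, pbkdf2 hash)
        self._failures = {}  # card number -> consecutive wrong guesses
        self._max_attempts = max_attempts
        for card, pin in pins.items():
            salt = os.urandom(16)
            self._records[card] = (salt, self._hash(pin, salt))

    @staticmethod
    def _hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def verify(self, card, pin):
        if self._failures.get(card, 0) >= self._max_attempts:
            return False  # card locked after too many wrong guesses
        record = self._records.get(card)
        if record is None:
            return False  # unknown card gets the same answer as a wrong PIN
        salt, expected = record
        if hmac.compare_digest(self._hash(pin, salt), expected):
            self._failures[card] = 0
            return True
        self._failures[card] = self._failures.get(card, 0) + 1
        return False


def hardened_client_login(server, card, pin):
    # The client forwards the candidate PIN and gets back only True or False.
    return server.verify(card, pin)
```

Because `HardenedPinServer` has no method that returns a PIN, an attacker who takes over the cash machine can only submit guesses, and the lockout bounds how many of those are accepted.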