Timeline for How to ensure a malicious community server cannot impersonate a user?
Current License: CC BY-SA 4.0
8 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 13, 2022 at 11:34 | answer | added | Philipp | timeline score: 1 | |
| Dec 14, 2021 at 18:07 | history | edited | DMGregory♦ | CC BY-SA 4.0 | Streamlining title, fixing typo |
| Dec 14, 2021 at 17:22 | comment | added | James Davis | Do you know if I can find some kind of example of this protocol? | |
| Dec 14, 2021 at 17:20 | comment | added | DMGregory♦ | Wouldn't the server session token consist of some kind of one-way hash / encrypted signature of the destination server with the user's credentials, rather than just raw unprotected credentials that can be used with any server? The authentication server (possessing the secret key that generated this token) can then verify "yes, that is a valid token granting user X access to server Y" - which server Z can trivially conclude is not a valid request for itself and must be a replay attack / forgery. | |
| Dec 14, 2021 at 17:17 | history | edited | DMGregory♦ | CC BY-SA 4.0 | Cleanup |
| Dec 14, 2021 at 17:11 | comment | added | James Davis | I've found this... reddit.com/r/gamedev/comments/8owlpr/… But I'm having trouble understanding it | |
| S Dec 14, 2021 at 17:08 | review | First questions | | | |
| Dec 15, 2021 at 10:40 | | | | | |
| S Dec 14, 2021 at 17:08 | history | asked | James Davis | CC BY-SA 4.0 | |