Questions tagged [registration]

Registration can refer to:

  • The act of making an identity on a service (like getting a Facebook account)
  • The process of getting credentials from a service (like using OpenID to login to Stack Exchange)
  • The protocol to get information from a system (like getting updates from a forum you want to follow)

This tag should be applied when a question is about:

  • A security issue that can occur with a registration process.
  • A question about an attack vector on the registration process.
  • A question about a security consideration for a registration process.
50 questions

1 vote, 0 answers

What might an attacker do with email address as login name?

This might have been asked before, but I've looked for a few hours and can't find much. I would also like some opinions on what an attacker might do if he enters an email address on a site and it responds with "That user ID is not available". My…
JYG
1 vote, 2 answers

How can I protect the signup form in my website? Is special spam prevention needed?

I'm struggling to write a secure sign-up form for my website. (My site is some kind of an image gallery. I have knowledge in HTML, JavaScript, msql and PHP) I know there is a tactic to secure login forms via checking and storing the failed login…
Catso
1 vote, 1 answer

Is username and password needed to register and authenticate user in zero knowledge Guillou-Quisquater?

I want to make Guillou-Quisquater authentication for a website with Laravel (PHP). The authentication is between server and client (user). In the references I've read (here and here) the registration scheme is: The server selects 2 primes p and q…
kevin
1 vote, 2 answers

Spoofing domain registration date info

Is it possible to spoof or change backwards Domain Registration Date that can be looked up in online whois tools and databases?
deevee
1 vote, 1 answer

What are the disadvantages of logging someone in on register?

So presuming a username/password authentication system (not an SSO) if you register a new user, what's the disadvantage of logging them in before verifying their account by email? Let's presume that by logging them in they won't have access to…
xenoterracide
1 vote, 1 answer

Risks and strategies to implement anonymous storage of Google Cloud Messaging tokens?

I'm writing a mobile app that aggregates weather data and generates a push notification when certain criteria are met. The user has the option to change some of the variables (e.g. if the current temperature exceeds X degrees) which is stored both…
DrFrankly
1 vote, 1 answer

Why is the password field blanked in the registration form if the validation fails?

Is it really a problem if you send back the password when the validation fails on a registration form? I understand that the HTML that is sent back could be cached on the computer of the person registering and then if a malicious person later access…
Gudradain
0 votes, 1 answer

Is it possible to avoid exposing the fact that an e-mail address is used by a web application (API) while still ensuring a decent UX?

One of the raised issues for a Web API is that for an e-mail based authentication (e-mail and password) the Register user method returns something like "the registration e-mail has been sent" regardless of the e-mail being used or not for an…
Alexei
0 votes, 1 answer

Error message when logging in with valid credentials while registration not complete

I have a registration login process which includes a one-time activation link sent via email when the user registers. When the user clicks the link the account gets activated. Now what error message should/can I show to the user when he tries to…
0 votes, 3 answers

Let user send an email to register to prevent outgoing mail abuse

Problem: Consider a standard sign-up form (user enters an email address, we send a confirmation link). Even limiting that form per IP (or even globally per hour), I'm concerned about abuse: Our real-world reputation would be harmed if someone enters…
franklyn
0 votes, 1 answer

Why can I still receive email at my old domain after someone else bought it?

My domain expired years ago and was registered by another party. I have already read Can someone read my E-Mail if I lose ownership of my domain? and see that the answer is yes. Now if someone buys the domain and creates an MX record pointing to the…
teauxfu
0 votes, 3 answers

Sending static registration links via email

In our mobile application, users need to register first before they can use it. After successful registration, they can now log in and use features of the app. Now we will have a feature in our application where all users who have records in the…
0 votes, 1 answer

How effective is mobile phone verification in stopping fake user registration?

Or in other words, how much work and money does someone have to do/have to have many SIM cards with many numbers, each loaded in a mobile phone?
warnerque
0 votes, 1 answer

Secure Register - Login Portal

I'm trying to create a secure portal for parents to view their sons' or daughters' information. I would need to have a register page. I'm having trouble with hashing and salting the password. Then I need help with decoding the hashed and salted password…
0 votes, 2 answers

Is the following set of steps secure enough during register and login on my webapp?

Register: Both text boxes of the user inputted password are compared, if they match: Add the user's email to the [users] table in the database, to have a user ID to later record everything against. Create salt. Anything random enough, and complex…