The Study Of Security Issues On Authentication And Solutions Of Web-oriented Application

Posted on: 2008-07-08 | Degree: Master | Type: Thesis
Country: China | Candidate: L L Fu | Full Text: PDF
GTID: 2178360245494093 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of network technology, the Web application has become the mainstream channel for online transactions because of its convenience. Yet the identity authentication of web-oriented applications rarely receives the attention it deserves. Many of the attack methods used by hackers, such as phishing and SQL injection, start from identity authentication. Research on it will therefore become a new focus in the field of network security in the coming years.

This paper studies many popular attacks on authentication vulnerabilities in web applications and provides a two-tier solution: a procedure-level solution and an application-level solution. The procedure-level solutions, which are designed for code developers, involve proper data filtering and output verification, and the use of strong session management. Because these techniques are implemented in Java, they are widely applicable across applications, and they deserve the attention of all application development staff. The application-level solutions present some simple and secure authentication mechanisms, such as digital certificates, one-time passwords and two-factor authentication. The paper also mentions some encryption algorithms and biometric identification technology. Among these technologies, the paper mainly describes two-factor authentication based on one-time passwords and digital certificates.

The solutions in this paper are shown to be feasible and practical, and their implementation is simple and effective. Adopting these techniques will ultimately let us repel attacks by hackers. In addition, the two-factor authentication mechanism described in this paper can be used in web applications that require a higher level of security.
Keywords/Search Tags:authentication, attack, digital certificate, two-factor authentication