Author Topic: Using URL question - phishing protection?  (Read 1001011 times)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Using URL question - phishing protection?
« Reply #45 on: October 11, 2005, 12:07:04 AM »
Yeah, yeah, what he said!

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
    • http://www.wprus.com
Using URL question - phishing protection?
« Reply #46 on: October 11, 2005, 01:20:59 AM »
Quote
Yeah, yeah, what he said!
Eric, the man of many words.
It is impossible to create a fool-proof system, because fools are ingenious.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Using URL question - phishing protection?
« Reply #47 on: October 11, 2005, 01:02:28 PM »
Quote
Quote
If we all agree that it would be a good idea to have the When URL contains start with http://
I don't agree. I know of at least several people who use PasswordMaker for non-web-applications such as ftp, telnet, and instant messaging.
Ok, I'll give this another shot - but with much less certainty...

I think Eric provided a hint of how we can accomplish this for everyone, when he answered one of my dumb questions:

Quote
What it used is determined by which checkboxes you've checked in the URL Components section -- Protocol, Subdomain(s), Domain, and Port, path, anchor, query parameters.

First, understand that, the way I am seeing this work, the following is simply a new 'URL Validation Test' performed by PM - it isn't used to *calculate* the password, it is only required to test 'true' before PM *generates* the password. In other words, it is *invisible* to the User. I guess it could be made optional (give a warning but still generate a password), but I'd rather it didn't...

So, that said, maybe a modified version of my previous suggestion would work? Something like:

'Protocol'+'subdomain(s)'+*[.]+domain.com+[/]*

with the following hard-coded limitations:

1. the 'Protocol' is required
2. only valid subdomains are allowed
(i.e., no slashes allowed between protocol and domain, and any valid URL text between the 'protocol' and 'domain' must end in the '.' (dot))
3. only valid subdirectories allowed
(i.e., a single slash is the only character allowed (but not required) to immediately follow the domain. The asterisks are, of course, wildcards, so could be any valid URL characters *except* '//' (double-slashes).)

Hopefully there is actual coding already available (AntiPhish?) that will make this relatively easy for Eric to implement once he decides on how he wants to do it.
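
The three rules proposed in Reply #47, written out as a check that must pass before a password is generated. This is an added example, not part of the thread and not PasswordMaker's code; the function names, the reading of "valid subdomain" as DNS-style labels, and the sample URLs are assumptions made for illustration.

```javascript
// Added example, not PasswordMaker code. passesUrlValidation() and the sample
// URLs are constructed; "domain.com" is the placeholder used in the post.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function passesUrlValidation(url, domain) {
  // Rule 1: a protocol is required (any scheme, so ftp/telnet users still pass).
  const scheme = "[a-z][a-z0-9+.-]*://";
  // Rule 2: only dot-terminated host labels may sit between protocol and domain.
  // Assumption: "valid subdomain" means letters, digits and inner hyphens.
  const subdomains = "(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)*";
  // Rule 3: the domain is followed by nothing, or by a single slash and a path.
  const tail = "(?:/.*)?";
  const re = new RegExp(
    "^" + scheme + subdomains + escapeRegExp(domain) + tail + "$", "i");
  if (!re.test(url)) return false;
  // Rule 3, continued: no '//' anywhere after the protocol separator.
  return !url.slice(url.indexOf("://") + 3).includes("//");
}

// Constructed sample URLs, checked against an account saved for "domain.com".
const samples = [
  "https://www.domain.com/login",     // plain match
  "ftp://files.domain.com/",          // non-web protocol still passes
  "www.domain.com/login",             // rule 1: no protocol
  "http://domain.com.evil.example/",  // rule 3: domain not followed by '/'
  "http://evil.example/domain.com/",  // rule 2: slash before the domain
  "http://domain.com@evil.example/",  // rule 3: '@' follows the domain
  "http://notdomain.com/",            // rule 2: prefix does not end in '.'
  "http://www.domain.com/a//b",       // rule 3: double slash in the path
];

function checkSamples() {
  return samples.map((u) => [u, passesUrlValidation(u, "domain.com")]);
}

for (const [u, ok] of checkSamples()) {
  console.log(ok ? "generate" : "refuse  ", u);
}
```

Read literally, the pattern also refuses a URL with an explicit port such as `http://www.domain.com:8080/`, because only a slash may follow the domain.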

PasswordMaker Forums
