Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
Node is saved as draft in My Content >> Draft

  • Unprotected Transport of Credentials

    @ashwanimishra
    Recommendations Offline Message

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 1.18k
    Comment on it

    Unprotected Transport of Credentials are the shipping of sensitive information through some communication channel. For instance in Log-In pages that are not using satisfactory measures to defend the user name and password while they are in transportation from the client (user) to the server.

    Thus, this leads to exposure of user's data (important credential) to non trusted tertiary parties .Thereby that can result in stealing of Information. This can be grouped under the category of Insufficient Transport Layer Protection.

    For Example:

    In The following program demonstrate this Unprotected Transport of Credentials that try to establish a connection to a website(www.example.com) to communicate sensitive information.

    try {
URL url = new URL("http://www.example.com/");
HttpURLConnection ob = (HttpURLConnection)url.openConnection();
String userPassword = username + ":" + password;
ob.setRequestMethod("POST");
ob.connect();
ob.setDoOutput(true);
OutputStream os = ob.getOutputStream();
os.write(userPassword.getBytes());
os.flush();
os.close();
ob.disconnect();
}
catch (Exception e) {
//...
}

     

    In the above program, we are making a connection correctly but since the connection is not encrypted. So there might be chances that all important details can be read by attackers.

     

    What is Unprotected Transport of Credentials
    Comment on it

 0 Comment(s)

Sign In
Forgot Password?
                           OR                           
Create an account !!
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: