Kutshanje ndiye ndanexesha lokucinga kwakhona malunga nendlela inqaku elikhuselekileyo lokusetha kwakhona igama eliyimfihlo kufuneka lisebenze, okokuqala xa ndandisakha lo msebenzi , naxa enceda omnye umntu enze into efanayo. Kwimeko yesibini, ndandifuna ukumnika ikhonkco kwi-canonical resource kunye nazo zonke iinkcukacha zendlela yokuphumeza ngokukhuselekileyo umsebenzi wokusetha kwakhona. Nangona kunjalo, ingxaki kukuba isibonelelo esinjalo asikho, ubuncinane akukho nto ichaza yonke into ebonakala ibalulekile kum. Ngoko ndagqiba ekubeni ndiyibhale ngokwam.
Uyabona, ilizwe lamagama agqithisiweyo alityelweyo ngokwenene liyamangalisa. Kukho iimbono ezininzi ezahlukeneyo, ezamkeleke ngokupheleleyo kwaye ezininzi eziyingozi kakhulu. Amathuba ukuba uye wadibana nganye kuzo amaxesha amaninzi njengomsebenzisi wokugqibela; ke ndiza kuzama ukusebenzisa le mizekelo ukubonisa ukuba ngubani oyenza ngokufanelekileyo, ngubani ongenguye, kwaye yintoni ekufuneka ugxile kuyo ukuze ufumane uphawu kwi-app yakho.
Ukugcinwa kwegama lokugqithisa: i-hashing, uguqulelo oluntsonkothileyo kunye (nekhefu!) umbhalo ocacileyo
Asinakuxoxa ngento emayenze ngeepassword ezilityelweyo phambi kokuba sithethe ngendlela yokuzigcina. Amagama okugqithisa agcinwe kwisiseko sedatha kwenye yeentlobo ezintathu eziphambili:
- Isicatshulwa esilula. Kukho ikholamu yegama lokugqitha, egcinwe kwifomu yokubhaliweyo engenanto.
- Iguqulelwe ngokuntsonkothileyo. Ngokuqhelekileyo kusetyenziswa i-symmetric encryption (iqhosha elinye lisetyenziselwa zombini uguqulelo kunye ne-decryption), kunye ne-encrypted passwords nazo zigcinwe kwikholamu efanayo.
- I-Hashed. Inkqubo yendlela enye (igama lokugqithisa linokukhawuleziswa, kodwa alinakususwa); inombolo yokuvula, Ndingathanda ukuba nethemba, ilandelwa yityuwa, yaye nganye ikwintsika yayo.
Masingene ngqo kowona mbuzo ulula: Ungaze ugcine amagama ayimfihlo kumbhalo ongenanto! Ungaze. Umngcipheko omnye woku , i-backup enye yokungakhathali, okanye enye yeempazamo ezininzi ezilula - kwaye yiloo nto, i-gameover, zonke iiphasiwedi zakho - oko kukuthi, uxolo, iipassword zabo bonke abathengi bakho iya kuba yindawo yoluntu. Ngokuqinisekileyo, oku kuya kuthetha ukuba nokwenzeka okukhulu ukuba kuzo zonke ii-akhawunti zabo kwezinye iinkqubo. Kwaye iya kuba lityala lakho.
Uguqulelo oluntsonkothileyo lungcono, kodwa lunobuthathaka. Ingxaki ngoguqulelo oluntsonkothileyo luguqulelo oluntsonkothileyo; singathatha ezi ciphers zikhangeleka ziphambene kwaye siziguqule zibuyele kumbhalo ocacileyo, kwaye xa oko kusenzeka sibuyele kwimeko ye-password efundeka ngumntu. Kwenzeka njani oku? Isiphene esincinci singena kwikhowudi esusa igama eligqithisiweyo, liyenze ifumaneke esidlangalaleni - le yindlela enye. Abaduni bafumana ukufikelela kumatshini apho idatha efihliweyo igcinwa khona - le yindlela yesibini. Enye indlela, kwakhona, kukuba i-backup yedatha kwaye umntu ufumana isitshixo sokufihla, esihlala sigcinwa ngokungakhuselekanga.
Kwaye oku kusizisa kwi-hashing. Umbono emva kwe-hashing kukuba yindlela enye; indlela yodwa yokuthelekisa igama eligqithisiweyo elifakwe ngumsebenzisi kunye noguqulelo olukhawulezayo kukwenza igalelo kwaye uzithelekise. Ukuthintela uhlaselo oluvela kwizixhobo ezinje ngeetafile zomnyama, sibeka ityuwa kwinkqubo ngokungenamkhethe (funda yam malunga nokugcinwa kwe-cryptographic). Ekugqibeleni, ukuba iphunyezwe ngokuchanekileyo, sinokuqiniseka ukuba amagama agqithisiweyo akhawulezayo awasayi kuphinda abe ngumbhalo ocacileyo (Ndiza kuthetha ngeengenelo zee-algorithms ezahlukeneyo ze-hashing kwesinye isithuba).
Ingxoxo ekhawulezayo malunga ne-hashing vs. uguqulelo oluntsonkothileyo: esona sizathu ubuyakufuna ukuguqulela ngokufihlakeleyo kune-hash igama eligqithisiweyo kuxa ufuna ukubona igama lokugqitha kumbhalo ongenanto, kwaye ungaze uyifune le, ubuncinci kwimeko yewebhusayithi eqhelekileyo. Ukuba ufuna oku, ngoko ke kunokwenzeka ukuba wenza into engalunganga!
Nceda nceda!
Ngezantsi kwisicatshulwa seposi kukho inxalenye yesithombe-skrini sewebhusayithi ye-pornography ye-AlotPorn. Ilungiswe kakuhle ukuze kungabikho nto ungayiboni elunxwemeni, kodwa ukuba isenokubangela naziphi na iingxaki, musa ukuskrolela ezantsi.
Soloko ucwangcisa kwakhona igama lokugqitha lakho ngazange sukumkhumbuza
Ngaba ukhe wacelwa ukuba wenze umsebenzi izikhumbuzo inombolo yokuvula? Thatha inyathelo emva kwaye ucinge ngesi sicelo umva: kutheni le "isikhumbuzo" siyimfuneko? Kuba umsebenzisi ulibele igama eligqithisiweyo. Yintoni ngokwenene esifuna ukuyenza? Mncede angene kwakhona.
Ndiyaqonda ukuba igama elithi "isikhumbuzi" lisetyenziswa (kaninzi) ngendlela eqhelekileyo, kodwa eyona nto sizama ukuyenza ngokukhuselekileyo nceda umsebenzisi ukuba abe kwi-intanethi kwakhona. Kuba sifuna ukhuseleko, kukho izizathu ezibini zokuba kutheni isikhumbuzi (o.k.t. ukuthumela umsebenzisi igama eliyimfihlo) singafanelekanga:
- I-imeyile yitshaneli engakhuselekanga. Kanye njengoko besingayi kuthumela nantoni na enovakalelo nge-HTTP (siya kusebenzisa i-HTTPS), akufuneki sithumele nantoni na enovakalelo nge-imeyile kuba umaleko wayo wezothutho awukhuselekanga. Enyanisweni, oku kubi kakhulu kunokuthumela ulwazi kwiprotocol yothutho engakhuselekanga, kuba i-imeyile isoloko igcinwe kwisixhobo sokugcina, ifikeleleke kubalawuli benkqubo, idluliselwe kwaye isasazwe, ifikeleleke kwi-malware, njalo njalo. I-imeyile engabhalwanga lijelo elingakhuselekanga kakhulu.
- Akufunekanga ube nokufikelela kwi-password kunjalo. Phinda ufunde icandelo langaphambili kwisitoreji - kufuneka ube ne-hash yegama eliyimfihlo (ngetyuwa eyomeleleyo elungileyo), oku kuthetha ukuba akufanele ube nakho ukukhupha igama eligqithisiweyo kwaye uyithumele ngeposi.
Makhe ndibonise ingxaki ngomzekelo : Nali iphepha lokungena eliqhelekileyo:
Ngokucacileyo, ingxaki yokuqala kukuba iphepha lokungena alilayishi phezu kwe-HTTPS, kodwa isayithi iphinda ikukhuthaze ukuba uthumele igama eliyimfihlo ("Thumela igama eliyimfihlo"). Lo inokuba ngumzekelo wokusetyenziswa ngokudibeneyo kweli gama likhankanywe ngasentla, ngoko ke masilithathele inyathelo elingaphezulu kwaye sibone ukuba kwenzeka ntoni:
Ayibonakali ngcono kakhulu, ngelishwa; kwaye i-imeyile iqinisekisa ukuba kukho ingxaki:
Oku kusixelela imiba emibini ebalulekileyo ye-usoutdoor.com:
- Isayithi ayinamagama ayimfihlo. Okona kulungileyo, ziguqulelwe ngokuntsonkothileyo, kodwa kusenokwenzeka ukuba zigcinwe kumbhalo ongenanto; Asiboni bungqina buchasene noko.
- Isiza sithumela igama eligqithisiweyo lexesha elide (singabuyela emva kwaye siyisebenzise kwakhona kwaye kwakhona) phezu kwetshaneli engakhuselekanga.
Ngale ndlela, kufuneka sijonge ukuba inkqubo yokusetha kwakhona yenziwe ngendlela ekhuselekileyo. Inyathelo lokuqala lokwenza oku kukuqinisekisa ukuba umenzi-sicelo unelungelo lokuphinda enze uhlengahlengiso. Ngamanye amazwi, phambi koku kufuneka sijonge isazisi; masijonge ukuba kwenzeka ntoni xa isazisi siqinisekisiwe ngaphandle kokuqinisekisa kuqala ukuba umceli ngumnini-akhawunti ngokwenene.
Ukudwelisa amagama abasebenzisi kunye neempembelelo zawo ekungaziwani
Le ngxaki iboniswe kakuhle ngokubonakalayo. Ingxaki:
Uyabona? Nika ingqalelo kumyalezo othi βAkukho msebenzisi ubhalisiweyo ngale dilesi ye-imeyile.β Ingxaki iyavela ngokucacileyo ukuba indawo enjalo iqinisekisa ukufumaneka umsebenzisi obhaliswe ngedilesi ye-imeyile enjalo. Ibhingo - usandula ukufumanisa ikhubalo lamanyala lomyeni/umphathi/ummelwane!
Ngokuqinisekileyo, iphonografi ngumzekelo ochanekileyo wokubaluleka kobumfihlo, kodwa iingozi zokudibanisa umntu kunye newebhusayithi ethile zibanzi kakhulu kunemeko enokubakho engathandekiyo echazwe ngasentla. Enye ingozi bubunjineli bezentlalo; Ukuba umhlaseli unokufanisa umntu kunye nenkonzo, ngoko uya kuba nolwazi anokuthi aqale ukulusebenzisa. Ngokomzekelo, unokuqhagamshelana nomntu ozenza ummeli wewebhusayithi kwaye acele ulwazi olongezelelweyo ngelinge lokuzibophelela .
Izenzo ezinjalo zikwaphakamisa ingozi "yokubalwa kwamagama," apho umntu anokuqinisekisa ubukho bengqokelela yonke yamagama omsebenzisi okanye iidilesi ze-imeyile kwiwebhusayithi ngokuqhuba nje imibuzo yeqela kunye nokuvavanya iimpendulo kubo. Ngaba unoluhlu lweedilesi ze-imeyile zabo bonke abasebenzi kunye nemizuzu embalwa yokubhala iskripthi? Uyabona ke ukuba yintoni ingxaki!
Yiyiphi enye indlela? Enyanisweni, ilula kakhulu, kwaye iphunyezwe ngokumangalisayo kuyo :
Apha i-Entropay ayichazi nto malunga nobukho bedilesi ye-imeyile kwinkqubo yayo kumntu ongenayo le dilesi. Ukuba u eyakho le dilesi kwaye ayikho kwisixokelelwano, emva koko uya kufumana i-imeyile enje:
Kakade ke, kusenokubakho iimeko ezamkelekileyo apho umntu ucingaukuba ubhalisile kwiwebhusayithi. kodwa oku akunjalo, okanye ndiyenze kwidilesi ye-imeyile eyahlukileyo. Umzekelo oboniswe ngasentla uzisingatha kakuhle zombini ezi meko. Ngokucacileyo, ukuba idilesi iyahambelana, uya kufumana i-imeyile eyenza kube lula ukuseta kwakhona igama eligqithisiweyo.
Ubuqili besisombululo esikhethwe yi-Entropay kukuba ukuqinisekiswa kokuchonga kwenziwa ngokuhambelana i-imeyile phambi kokuqinisekiswa kwe-intanethi. Ezinye iisayithi zibuza abasebenzisi impendulo yombuzo wokhuseleko (ngaphezulu koku ngezantsi) Π΄ΠΎ ukusetha kwakhona kunokuqala njani; nangona kunjalo, ingxaki ngale nto kukuba kufuneka uphendule umbuzo ngelixa unikezela ngolunye uhlobo lwesazisi (i-imeyile okanye igama lomsebenzisi), nto leyo eyenza ukuba kube nzima ukuphendula ngokuqondayo ngaphandle kokuveza ubukho beakhawunti yomsebenzisi ongachazwanga.
Ngale ndlela kukho encinci yehle ukusetyenziswa kuba ukuba uzama ukuseta kwakhona i-akhawunti engekhoyo, akukho mpendulo yangoko. Ngokuqinisekileyo, yiyo yonke ingongoma yokuthumela i-imeyile, kodwa kumbono wokwenene womsebenzisi wokugqibela, ukuba bafaka idilesi engafanelekanga, baya kukwazi okokuqala xa befumana i-imeyile. Oku kunokubangela unxunguphalo kwicala lakhe, kodwa eli lixabiso elincinane lokuhlawula inkqubo enjalo enqabileyo.
Elinye inqaku, liphumile kancinci kwisihloko: imisebenzi yoncedo yokungena ebonisa ukuba igama lomsebenzisi okanye idilesi ye-imeyile ichanekile banengxaki efanayo. Hlala uphendula umsebenzisi ngomyalezo othi "Igama lakho lomsebenzisi kunye negama lokugqitha alisebenzi" kunomyalezo wokuqinisekisa ngokucacileyo ubukho beenkcukacha (umzekelo, "igama lomsebenzisi lichanekile, kodwa igama lokugqitha alichanekanga").
Ukuthumela ukuseta ngokutsha igama lokugqitha vs ukusetha kwakhona i-URL
Ingcinga elandelayo ekufuneka siyixoxe yindlela yokuseta ngokutsha igama lakho lokugqitha. Kukho izisombululo ezibini ezidumileyo:
- Ukuvelisa igama eligqithisiweyo elitsha kwiseva kwaye uyithumele nge-imeyile
- Thumela i-imeyile ene-URL eyodwa ukwenza inkqubo yokusetha kwakhona ibe lula
Ngaphandle kokuba , ingongoma yokuqala mayingaze isetyenziswe. Ingxaki ngale nto kukuba kuthetha ukuba kukho igama lokugqitha eligciniweyo, onokubuyela kuyo kwaye usebenzise kwakhona nangaliphi na ixesha; ithunyelwe ngetshaneli engakhuselekanga kwaye ihlala kwibhokisi yakho yangaphakathi. Amathuba kukuba ii-inbhoks zingqanyaniswa kuzo zonke izixhobo eziphathwayo kunye nomxhasi we-imeyile, kwaye zinokugcinwa kwi-intanethi kwinkonzo ye-imeyile yewebhu ixesha elide kakhulu. Ingongoma kukuba ibhokisi yeposi ayinakuthathwa njengendlela ethembekileyo yokugcina ixesha elide.
Kodwa ngaphandle koku, inqaku lokuqala linenye ingxaki enkulu - yona yenza lula kangangoko ukuvala iakhawunti ngenjongo engalunganga. Ukuba ndiyayazi idilesi ye-imeyile yomntu ongumnini-akhawunti kwiwebhusayithi, ngoko ndinokubavimba nangaliphi na ixesha ngokuseta kwakhona igama eliyimfihlo; Oku kukukhanyela uhlaselo lwenkonzo olunikezelwa kwisitya sesilivere! Yiloo nto ukusetha ngokutsha kufuneka kwenziwe kuphela emva koqinisekiso oluyimpumelelo lwamalungelo omceli kulo.
Xa sithetha nge-URL yokusetha kwakhona, sithetha idilesi yewebhusayithi eyiyo yodwa kulo mzekelo wenkqubo yokuseta ngokutsha. Ngokuqinisekileyo, kufuneka kube yinto ehleliweyo, akufanele kube lula ukuyiqikelela, kwaye akufanele iqulathe naziphi na iikhonkco zangaphandle kwi-akhawunti eyenza kube lula ukuseta kwakhona. Umzekelo, i-URL yokusetha ngokutsha akufuneki ibe yindlela nje efana "Seta kwakhona/?username=JohnSmith".
Sifuna ukwenza uphawu olulodwa olunokuthunyelwa njenge-URL yokusetha kwakhona, kwaye emva koko ihambelane nerekhodi yomncedisi we-akhawunti yomsebenzisi, ngaloo ndlela iqinisekisa ukuba umnini-akhawunti, ngokwenene, ngumntu ofanayo ozama ukuseta kwakhona igama eligqithisiweyo . Umzekelo, ithokheni ingaba "3ce7854015cd38c862cb9e14a1ae552b" kwaye igcinwe kwitheyibhile kunye ne-ID yomsebenzisi owenza ukusetha kwakhona kunye nexesha lenziwe ithokheni (ngaphezulu koku ngezantsi). Xa i-imeyile ithunyelwe, iqulethe i-URL efana ne "Reset/?id=3ce7854015cd38c862cb9e14a1ae552b", kwaye xa umsebenzisi ekhuphela, iphepha likhuthaza ubukho bophawu, emva koko liqinisekisa ulwazi lomsebenzisi kwaye libavumela ukuba batshintshe inombolo yokuvula.
Ewe, ekubeni inkqubo engentla (ngethemba) ivumela umsebenzisi ukuba enze igama eligqithisiweyo elitsha, kufuneka siqinisekise ukuba i-URL ilayishwe kwi-HTTPS. Hayi, , le URL yophawu kufuneka isebenzise ukhuseleko lomaleko wothutho ukuze ifom entsha yegama lokugqitha ayinakuhlaselwa kunye negama lokugqitha elenziwe ngumsebenzisi ligqithiselwe kuqhagamshelwano olukhuselekileyo.
Kwakhona kwi-URL yokusetha kwakhona kufuneka ungeze umda wexesha lomqondiso ukwenzela ukuba inkqubo yokusetha kwakhona igqitywe ngexesha elithile, yithi kwiyure. Oku kuqinisekisa ukuba iwindow yexesha lokusetha ngokutsha igcinwa incinci ukuze umamkeli we-URL yokusetha kwakhona angenza kuphela ngaphakathi kwefestile encinci kakhulu. Ewe, umhlaseli unokuqalisa inkqubo yokusetha kwakhona, kodwa kuya kufuneka bafumane enye i-URL yokuseta kwakhona eyahlukileyo.
Okokugqibela, kufuneka siqinisekise ukuba le nkqubo iyalahlwa. Emva kokuba inkqubo yokusetha ngokutsha igqityiwe, ithokheni kufuneka isuswe ukuze i-URL yokusetha kabusha ingasebenzi. Inqaku langaphambili liyimfuneko ukuze kuqinisekiswe ukuba umhlaseli unefestile encinci kakhulu ngexesha apho angakwazi ukuguqula i-URL yokusetha kwakhona. Ngaphezu koko, ngokuqinisekileyo, xa ukusetha kwakhona kuphumelele, ithokheni ayisadingeki.
Amanye ala manyathelo anokubonakala engafuneki ngokugqithisileyo, kodwa awaphazamisi ukusetyenziswa kunye e neneni ukuphucula ukhuseleko, nangona kwiimeko esithemba ukuba ziya kunqaba. Kwi-99% yamatyala, umsebenzisi uya kwenza ukusetha kwakhona ngexesha elifutshane kakhulu kwaye akayi kuphinda abuyisele igama lokugqitha kwixesha elizayo.
Indima yeCAPTCHA
Owu, iCAPTCHA, inqaku lokhuseleko sonke esithanda ukulithiya! Ngapha koko, iCAPTCHA ayisosixhobo sokukhusela kangako njengoko sisixhobo sokuchonga - nokuba ungumntu okanye irobhothi (okanye iskripthi esizenzekelayo). Injongo yalo kukuphepha ukungeniswa kwefomu ngokuzenzekelayo, leyo, ngokuqinisekileyo, kungaba isetyenziswe njengenzame zokwaphula ukhuseleko. Kumxholo wokusetha ngokutsha igama lokugqitha, iCAPTCHA ithetha ukuba umsebenzi wokusetha ngokutsha awunakunyanzelwa ngokungenalusini nokuba kumsebenzisi-spam okanye uzame ukumisela ubukho bee-akhawunti (ekuthi, kakade, ayinakwenzeka ukuba ulandele ingcebiso ekwicandelo ukuqinisekisa izazisi).
Ngokuqinisekileyo, iCAPTCHA ngokwayo ayifezekanga; Kukho imizekelo emininzi yesofthiwe yayo "i-hacking" kunye nokufikelela kumazinga okuphumelela okwaneleyo (60-70%). Ukongezelela, kukho isisombululo esiboniswe kwisithuba sam malunga , apho unokuhlawula abantu amaqhezu eesenti ukusombulula iCAPTCHA nganye kwaye ufezekise izinga lempumelelo ye94%. Oko kukuthi, isengozini, kodwa (kancinci) iphakamisa umqobo wokungena.
Makhe sijonge kumzekelo we-PayPal:
Kulo mzekelo, inkqubo yokusetha kwakhona ayinakuqala de iCAPTCHA isonjululwe, ngoko zifundo akunakwenzeka ukwenza inkqubo ngokuzenzekelayo. Kwithiyori.
Nangona kunjalo, kwizicelo ezininzi zewebhu oku kuya kuba kokugqithisileyo kwaye ilungile ngokupheleleyo imele ukwehla kokusebenziseka - abantu abayithandi iCAPTCHA! Ukongeza, iCAPTCHA yinto onokubuyela kuyo ngokulula ukuba kuyimfuneko. Ukuba inkonzo iqala ukuhlaselwa (apha kulapho ukugawulwa kwemithi kungena kakuhle, kodwa ngaphezulu koko kamva), ngoko ukongeza iCAPTCHA akunakuba lula.
Imibuzo eyimfihlo kunye neempendulo
Ngazo zonke iindlela esiziqwalaseleyo, sakwazi ukuseta kwakhona igama lokugqitha ngokuba nokufikelela kwi-akhawunti ye-imeyile. Ndithi "nje", kodwa, kunjalo, akukho mthethweni ukufumana ufikelelo kwi-akhawunti ye-imeyile yomnye umntu. ikhona ibe yinkqubo entsonkothileyo. Nangona kunjalo .
Ngapha koko, ikhonkco elingasentla malunga nokuqhekezwa kweYahoo kaSarah Palin! usebenzela iinjongo ezimbini; okokuqala, ibonisa indlela ekulula ngayo ukuqhekeza (ezinye) ii-akhawunti ze-imeyile, kwaye okwesibini, ibonisa indlela imibuzo yokhuseleko embi enokusetyenziswa ngayo ngenjongo ekhohlakeleyo. Kodwa siza kubuyela kule nto kamva.
Ingxaki nge-100% yokusetha kwakhona iphasiwedi esekwe kwi-imeyile kukuba ukuthembeka kweakhawunti yesayithi ozama ukuseta kwakhona iba yi-100% exhomekeke kwingqibelelo ye-akhawunti ye-imeyile. Nabani na onokufikelela kwi-imeyile yakho inofikelelo kuyo nayiphi na iakhawunti enokusetwa ngokutsha ngokufumana nje i-imeyile. Kwiiakhawunti ezinjalo, i-imeyile "isitshixo kuyo yonke iminyango" yobomi bakho be-intanethi.
Enye indlela yokunciphisa lo mngcipheko kukuphumeza umbuzo wokhuseleko kunye nephethini yokuphendula. Ngokungathandabuzekiyo sele ubabonile: khetha umbuzo onokuthi uphendulwe nguwe kuphela fanele Yazi impendulo, kwaye xa uphinda useta igama lakho lokugqitha uyakucelwa yona. Oku kongeza ukuzithemba ukuba umntu ozama ukuseta ngokutsha ngenene ngumnini-akhawunti.
Buyela kuSarah Palin: impazamo yayikukuba iimpendulo kumbuzo wakhe wokhuseleko / imibuzo inokufumaneka ngokulula. Ngokukodwa xa ungumntu obaluleke kangaka kuluntu, ulwazi malunga negama likamama wakho oyintombi, imbali yemfundo, okanye apho umntu asenokuba wayehlala khona ayiyomfihlo yonke. Enyanisweni, uninzi lwayo lunokufunyanwa phantse nguye nabani na. Nantsi into eyenzekayo kuSarah:
IHacker uDavid Kernell uye wafumana ufikelelo kwiakhawunti kaPalin ngokufumana iinkcukacha ngemvelaphi yakhe, njengeyunivesithi yakhe kunye nomhla wokuzalwa, waze wasebenzisa i-Yahoo!'s elityelweyo yokubuyisela igama lokugqitha.
Okokuqala, le yimpazamo yoyilo kwicala likaYahoo! - ngokucacisa imibuzo elula ngolo hlobo, inkampani ngokusisiseko yonakalise ixabiso lombuzo wokhuseleko, kwaye ke ngoko ukukhuselwa kwenkqubo yayo. Ewe, ukusetha kwakhona amagama agqithisiweyo kwi-akhawunti ye-imeyile kuhlala kunzima ngakumbi kuba awukwazi ukungqina ubunini ngokuthumela i-imeyile kumnini (ngaphandle kokuba nedilesi yesibini), kodwa ngethamsanqa akukho kusetyenziswa okuninzi ekudaleni inkqubo enjalo namhlanje.
Masibuyele kwimibuzo yokhuseleko - kukho ukhetho lokuvumela umsebenzisi ukuba enze eyabo imibuzo. Ingxaki kukuba oku kuya kubangela imibuzo ecacileyo:
Sinjani umbala wesibhakabhaka?
Imibuzo eyenza abantu bangakhululeki xa umbuzo wokhuseleko usetyenziselwa ukuchonga umntu (umzekelo, kwiziko lemibuzo):
Bendilala nabani ngekrismesi?
Okanye imibuzo ebubudenge ngokuphandle:
Upela njani "igama lokugqitha"?
Xa kuziwa kwimibuzo yokhuseleko, abasebenzisi kufuneka basindiswe kubo! Ngamanye amazwi, umbuzo wokhuseleko kufuneka ugqitywe sisiza ngokwaso, okanye ngcono, ubuzwe uthotho imibuzo yokhuseleko apho umsebenzisi anokukhetha khona. Kwaye akukho lula ukukhetha ΠΎΠ΄ΠΈΠ½; ngokufanelekileyo umsebenzisi makakhethe imibuzo emibini okanye ngaphezulu yokhuseleko ngexesha lokubhaliswa kweakhawunti, eya kuthi ke isetyenziswe njengejelo lesibini lokuchonga. Ukuba nemibuzo emininzi kwandisa ukuzithemba kwinkqubo yokuqinisekisa, kwaye ikwabonelela ngesakhono sokongeza ukungakhethi (ungasoloko ubonisa umbuzo ofanayo), kunye nokubonelela ngokuphindaphindeka kwimeko apho oyena msebenzisi ulibele igama eligqithisiweyo.
Ngowuphi umbuzo olungileyo wokhuseleko? Oku kuphenjelelwa zizinto ezininzi:
- Umelwe kukuba emfutshane β umbuzo kufuneka ucace kwaye ungacaci.
- Impendulo kufuneka ibe ethile β asifuni mbuzo onokuphendulwa ngumntu omnye ngendlela eyahlukileyo
- Iimpendulo ezinokuthi zibekho ezahlukeneyo - ukubuza umbala owuthandayo umntu kuvelisa iseti encinci yeempendulo ezinokwenzeka
- search impendulo mayibe nzima - ukuba impendulo inokufumaneka lula naluphi na (khumbula abantu abakwizikhundla eziphezulu), ngoko ungendawo
- Impendulo kufuneka ibe esisigxina ekuhambeni kwexesha - ukuba ubuza imovie yomntu oyithandayo, emva konyaka impendulo inokwahluka
Njengoko kusenzeka, kukho iwebhusayithi ezinikezelwe ukubuza imibuzo elungileyo ebizwa . Eminye yemibuzo ibonakala ilungile, abanye abaphumeleli kwezinye iimvavanyo ezichazwe ngasentla, ngakumbi uvavanyo "lokukhangela lula".
Makhe ndibonise indlela i-PayPal eyisebenzisa ngayo imibuzo yokhuseleko kwaye, ngakumbi, inzame isiza esiyibekayo ekuqinisekiseni. Ngentla sabona iphepha ukuqalisa inkqubo (ngeCAPTCHA), kwaye apha siza kubonisa okwenzekayo emva kokuba ufake idilesi ye-imeyile kwaye usombulule iCAPTCHA:
Ngenxa yoko, umsebenzisi ufumana le leta ilandelayo:
Ukuza kuthi ga ngoku yonke into iqhelekile, kodwa nantsi into efihliweyo emva kokuseta ngokutsha i-URL:
Ke, imibuzo yokhuseleko iyangena. Ngapha koko, i-PayPal ikwavumela ukuba usete kwakhona igama lokugqitha lakho ngokuqinisekisa inombolo yekhadi lakho letyala, ngoko kukho isitishi esongezelelweyo apho iisayithi ezininzi azikwazi ukufikelela kuso. Andikwazi nje ukutshintsha ipassword yam ndingaphendulanga zombini umbuzo wokhuseleko (okanye ukungazi inombolo yekhadi). Nokuba umntu uqweqwedisa i-imeyile yam, akazukwazi ukuseta kwakhona igama lokugqitha le-akhawunti yam ye-PayPal ngaphandle kokuba unolwazi lobuqu olungakumbi malunga nam. Loluphi ulwazi? Nantsi imibuzo yokhuseleko enikezwa yiPayPal:
Umbuzo wesikolo kunye nesibhedlele unokuba yi-iffy encinci malunga nokulula ukukhangela, kodwa ezinye azibi kakhulu. Nangona kunjalo, ukomeleza ukhuseleko, i-PayPal ifuna isazisi esongezelelweyo utshintsho iimpendulo kwimibuzo yokhuseleko:
I-PayPal ngumzekelo omhle we-utopian wokusetha kwakhona iphasiwedi ekhuselekileyo: isebenzisa iCAPTCHA ukunciphisa ubungozi bohlaselo olukhohlakeleyo, ifuna imibuzo emibini yokhuseleko, kwaye ifuna olunye uhlobo lokuchongwa olwahluke ngokupheleleyo ukutshintsha iimpendulo-kwaye oku emva komsebenzisi. sele engenile. Kakade ke, le nto kanye thina kulindeleke ukusuka PayPal; liziko lemali elisebenza ngeemali ezinkulu. Oku akuthethi ukuba konke ukusetha kwakhona igama lokugqitha kufuneka kulandele la manyathelo-ixesha elininzi i-overkill-kodwa ngumzekelo omhle kwiimeko apho ukhuseleko lishishini elinzima.
Uncedo lwenkqubo yombuzo wokhuseleko kukuba ukuba awuzange uyisebenzise kwangoko, ungayongeza kamva ukuba inqanaba lokhuseleko lobutyebi lifuna oko. Umzekelo omhle wale nto yi-Apple, esanda kuphumeza le ndlela [inqaku libhalwe ngo-2012]. Nje ukuba ndiqale ukuhlaziya usetyenziso kwi-iPad yam, ndabona esi sicelo silandelayo:
Emva koko ndabona isikrini apho ndingakhetha izibini ezininzi zemibuzo yokhuseleko kunye neempendulo, kunye nedilesi ye-imeyile yokuhlangula:
Ngokuphathelele i-PayPal, imibuzo ikhethwe kwangaphambili kwaye eminye yayo ilungile ngokwenene:
Iqela ngalinye lemibuzo emithathu/yempendulo limele isethi eyahlukileyo yemibuzo enokwenzeka, ngoko ke kukho iindlela ezininzi zokuqwalasela i-akhawunti.
Omnye umba omawuwuqwalasele malunga nokuphendula umbuzo wakho wokhuseleko kukugcina. Ukuba nesiseko sedata esibhaliweyo esicacileyo kugcino lwedatha sibeka phantse izoyikiso ezifanayo njengegama lokugqitha, oko kukuthi ukubhenca isiseko sedatha ngoko nangoko kutyhila ixabiso kwaye akubeki isicelo kuphela emngciphekweni, kodwa izicelo ezinokuba nokwahluka ngokupheleleyo zisebenzisa imibuzo yokhuseleko efanayo (apho kwakhona. ). Enye inketho i-hashing ekhuselekileyo (i-algorithm enamandla kunye ne-cryptographically random salt), kodwa ngokungafaniyo namatyala amaninzi okugcinwa kwephasiwedi, kunokubakho isizathu esihle sokuba impendulo ibonakala njengesicatshulwa esicacileyo. Imeko eqhelekileyo kukuqinisekiswa kwesazisi ngumsebenzisi wefowuni ephilayo. Kakade ke, i-hashing iyasebenza kule meko (umqhubi unokungena ngokulula impendulo egama lingumthengi), kodwa kwimeko embi kakhulu, impendulo eyimfihlo kufuneka ibekwe kwinqanaba elithile lokugcinwa kwe-cryptographic, nokuba i-symmetric encryption. . Shwankathela: phatha iimfihlo njengeemfihlo!
Enye inkalo yokugqibela yemibuzo yokhuseleko kunye neempendulo kukuba basengozini ngakumbi kubunjineli bezentlalo. Ukuzama ukukhupha ngokuthe ngqo i-password kwiakhawunti yomnye umntu, kodwa ukuqala incoko malunga nokwakheka kwayo (umbuzo wokhuseleko odumileyo) wahluke ngokupheleleyo. Ngapha koko, unganxibelelana kakuhle nomntu malunga neenkalo ezininzi zobomi babo ezinokubuza umbuzo oyimfihlo ngaphandle kokwenza urhano. Ewe, eyona ngongoma yombuzo wokhuseleko kukuba inxulumene namava obomi bomntu, ngoko ayilibaleki, kwaye kulapho ingxaki ilele khona- abantu bayakuthanda ukuthetha ngamava abo obomi! Kuncinci onokukwenza malunga noku, kuphela ukuba ukhetha imibuzo enjalo yokhuseleko ukuze ibenjalo Ngaphantsi mhlawumbi inokutsalwa bubunjineli bezentlalo.
[Iza kuqhubeka.]Njengentengiso
VDSina inikeza okuthembekileyo , umncedisi ngamnye uqhagamshelwe kwitshaneli ye-Intanethi ye-500 Megabits kwaye ikhuselwe ekuhlaselweni kwe-DDoS simahla!
umthombo: www.habr.com