I am developing a winform that has a login page of some sort. I wanted to enable more then 2 types of authorization, just incase the user forgets his/her email:password combonation. I have added phone numbers, but I am curious to know if I can add fingerprint scanners, microphones and cameras into the mix. Is there a way to do that. I have read this post, but I am unsure if it works with any type of scanner, because the person who asked the question specifically named a single fingerprint scanner. Any help would be appreciated, Thanks Bye!
Related
I apologise if something like this has been answered before, I just can't figure out a good way to word my question well enough to include all details about my problem.
I'd like users to be able to host servers for my indie game in a way virtually identical to, for example, Minecraft. I don't want any official servers, the game is mostly intended to be played with friends and not random strangers.
I've thought of many ways to accomplish this but I could never solve one important detail - I want the server to be able to remember users and put them where they left off when they reconnect (give them their character, the character's inventory, etc).
But any solution I could find or think of either made it potentially very easy to steal someone's character and connect to the server pretending to be them, or required me to make players have a way to register with accounts, something I can't afford to host myself.
I guess what I need is a way for the server to send a token to a new connecting player, and then have a way to see if the player sending that token back is the same person, and not an attempt to replicate the token. That to me sounds like public key cryptography, but the game engine I'm using doesn't seem to have any libraries for that (unsurprisingly), and I certainly am not qualified to make a library like that myself. But maybe there's an easier solution I'm somehow missing.
This might be a stupid question, but I hope it's worth a try asking. Thank you in advance for any help. Sorry I was so wordy by the way.
TLDR: I want users to host game servers that can remember reconnecting players without risk of players' progress being stolen.
If you have not already, look into sessions. Session cookies. But also setting up a basic log in system with php or whatever server code your server uses is not hard, and most basic hosting provide the mysql and php needed to do a basic log in page, you just have to code it yourself.
Every application that generates dynamic content must have a server whose address is embedded inside the application to enable communication with server.
Now in the case of WhatsApp definitely they have also embed the server's address inside the WhatsApp application. For example someone reverse engineer the WhatsApp apk and found the address of the server, as well as he also found the parameters and all the stuff that the application sends to the server (i-e session, token, authentication key etc etc) for successful communication, so is that mean he can use these same parameters structure and the server address in different third party app to play/communicate with the WhatsApp server? Because server is just an electronic device that works on the digital signals and thats it. Server don't know that these parameters are coming from the authorized WhatsApp apk or from third party apk.
If yes, then don't you guys think that there should be solution to that problem?
If no, then what are the techniques and algorithms they are using to stop requests from unauthorized/fake apps.
I believe not any employee from WhatsApp will answer here to share the algorithm, but i know SOF is full of geeks, if someone knows how WhatsApp stops these kind of issues please share, otherwise i will be still glad to know about the advice and ideas that you guys have in your mind for the best security practices.
How banking, paypal etc and messaging apps including WhatsApp works in that scenario and how they stop the issue that i described above?
Important:
I am not going to reverse engineer the WhatsApp, i am just creating a server and fighting with this issue to be solved to secure my server and only accept request from my app but stop requests from unauthorized/fake apps.
Thanks & respect to all in advance who will contribute.
There is no way to prevent malicious reverse-engineering, resulting in a fake app pretending to be the real thing. While you are working on your server, you need to do defensive programming, that is, your server shouldn't assume that the request was sent via the app. So, if you protect your server against all kinds of malicious and deliberate misuses, then your server is safe.
However, that's easier said than done, because your project is developed by a finite amount of people and - if it becomes successful then - the audience contains a swarm of smart bad people.
You will therefore need to detect a subset of features that you need to absolutely protect against misuses and prioritize testing and improving those, by thinking with the mind of a fictional hacker, who would like to either gain unearned profits or do harm to your project. Schizophrenic, I know, but you need to do that on the server. You also need to improve the security of less than critical features, but at a lower priority and log the requests you get, so if SHTF, then you will have at least a chance to deduce what caused it and how.
If the phone app is in your hands as well, then you might implement some additional authentication for each version, like generating a version token for each user that downloads your app. Since the version token generator algorithm would not be in the hands of hackers, they would have to solve that on a per user basis, which is extremely laborius to solve this for several users if done by hand and if they work it out in a way to make it automatic, their solution would be viable only for a version.
So, there is no 100% accuracy in this area, but you can make life very hard and miserable for people payed to hack through your application.
I have purchased a simple biometric fingerprint reader that is usually used for laptop security through a USB connection. It is just called biomentric finger print reader, not branded! It came with the software for creating security for laptop, and it works great.
However, I had a different idea for it: I am intending to create a database of users fingerprints so that I can identify which user swiped their fingers on it, ie, to use it for different users' authentication using fingerprints. I don't seem to be making any head or tail on how to go about that.
I would like to find out if there is other kind of software to install that will make this gadget print the fingerprint or a code to say a spreadsheet or database whenever I swipe a finger on it? I was thinking it would be a simple as when I use a bar code scanner to print codes of various items to a spreadsheet.
Could someone please advise how to go about this. I believe it should do that but I just dont know where to start.
thanks.
As an alternative wrapper to WinBioNET as mentioned by Robinicks there is WinBiometric.Net.
Disclaimer: I do not own this project.
It has a really nice test project for playing around with the different API functions available in the Windows Wiometric Framework. This test project was monumental in helping me understand the Windows Biometric Framework.
The WinBiometric.Net wrapper has a claim of 100% API coverage, a NuGet package and has the MIT license.
I found it to generally have a very high quality of code as well.
As for storing the fingerprints in a database you could use the WinBioCaptureSample API function to capture a sample, which can then be stored in a database.
The sample can be converted into an image as well, there is a nice example of this in the wrapper.
I know this is an old question but I figured I'd post anyway.
You can use the WBF (Windows biometric Framework) API that is free, but you must first verify if your biometric device is WBF compatible. The documentation and samples for WBF are for C++, but there is a wrapper sample in C# that you can download here: Cirrostrata biometrics Regarding how to convert the scanned data into an image, you can check this post: How to convert winbio data into image. Hope this helps to start.
You can use the WinBioNET .NET wrapper for Windows Biometric Framework (WBF). It has a demo winforms app in the solution. Just open it up, select the demo app as the "startup project" and run. If you have any devices connected it will enumerate it at startup.
I am developing a TV application for the TV. One thing I have noticed is that TV apps, once installed, often present users an Activation Code. The user is asked to enter the Activation Code on the app's website. Once it is entered in the website, the TV app is able to proceed.
What is the purpose of this Activation Code? Why can't the app simply ask the user to log-in/register a user account? Is there some technical advantageous reasoning behind using an activation code in this way?
You are looking at a pattern that eases the user's login procedure.
Imagine the hassle of having to type your full username, which often is your email address (with special characters like '#' or '.'), together with your password (which hopefully contains numbers and/or special characters). All of that in a TV screen, with clunky controls to move around and possibly not a full size keyboard.
For this reason, redirecting the user to a simple web page where he has to type only 4 or 5 numbers is extremely more convenient, not to mention simpler to understand and quicker.
You can, of course, drift away from this pattern and go for your own solution. But to me, this is one of the best approaches as a user.
I am now motivated to explore a coding language so that I can make the best solution possible.
But I am not sure of the capabilities of all coding langugages, so I am asking for advice.
I want to automate some of the daily processes I do at the office. There is an external database on the internet that we use. We access it with a smart card and secured http.
In short, these are the actions that I do each time I restart the browser or a session ends:
Open a Secured HTTP. /....jsp
After being promted I choose an installed certificate
A smart card is called and I enter a PIN. /charismatics smart security interface/
The page asks me to log in with a username and password.
I open the desired link.
I extract the data from the opened webpage manually.
Is it possible to have all these action automated by code?
THANK YOU FOR ANY SUPPORT
If you get a PIN screen from the charismatics smart card security interface instead of from the operating system then it it may be very hard to automate this. Your program is unlikely to get access to the PIN popup Window.
If you get the PIN prompt from a CSP (as you mentioned in the comments) then it may be possible to automate the PIN login. The PIN is normally used to set up the SSL/TLS connection, so having it open in the browser won't help you much, unless you program the browser itself.
If you are bound to CSP's it may be best to keep to C#/.NET. There are of course bindings for other runtimes, but it is better to have as much control as possible.
You may want to take a look at topics such as parsing HTML, because that's something you certainly need to do. Life becomes a lot harder if the web-pages are filled in using JavaScript, so you may check for that first.
Now if you want to manually choose a link you may want to render the page in your own application and handle the download yourself.
This is certainly not a task I would recommend when starting off on an unknown programming language. I would find this a tricky task - there are a lot of ifs left with this description.