Authentication systems are used throughout the Internet to provide a mechanism for identifying a user of a system. On the Internet this is most commonly done through a username and password combination, though various other methods do exist, some of which will be discussed later in this series. Authenticating users is frequently the precursor to identifying whether a user is authorised to access particular resources, as without knowing who the user is it is not possible to say whether they should have access.
Considering that authentication systems are such a fundamental part of system security, many would hope that this would be an area well understood by developers, but unfortunately this is not always the case. Frequently you will see developers in their early years developing systems that do not process and store sensitive information in an appropriate manner. Worryingly, this problem is not limited to small applications developed by people who are new to programming; it also affects large corporations like Adobe, where a professional level of development would be expected and therefore the lack of it is worrying and potentially suspicious.