This post explores the concept of authentication and the process of confirming the identity of a user or process to grant access. It discusses common authentication methods, such as password-based authentication, and the steps involved in the login form process.
1) When you encounter a login page, you are looking at the mechanism that makes you a part of a website, called "authentication". The process itself is invisible, but when you interact with the form structure of the site you can see its effects. Note: an application may expose different forms or components that interact with the login logic.

2) The process is similar for the login form. When you submit your credentials in the login and password fields, the system generates a query which is mostly like this:

Comparing the password directly in this way is less realistic, since most databases store passwords in a hashed format such as SHA1, SHA256 or bcrypt, so you will not see passwords stored in plaintext. Therefore, the following query makes our scenario more realistic:

It is also feasible in most scenarios, because modern systems hash passwords to harden their databases. To make our query safer we can use "?" placeholders (parameterized queries) instead of embedding the values directly. With this approach the database driver handles the escaping itself: nobody can insert unintended query text, and the values are not visible to anyone who can see the query.

3) When we press the login button ("Giriş yap" in my scenario), the backend crafts a query in Structured Query Language to match the submitted login/password combination against the database. Most of the time there is a condition that checks whether the credentials match the database or not. If they match, the backend redirects the user into a session. If the query finds no match, the user is shown an error page, which usually says that you cannot authenticate because your credentials do not match.
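The two ways of building the login query described above, as an added example that is not part of the original post. It uses an in-memory SQLite table constructed here, stores the password as a SHA-256 hex digest (an assumption; the post only names SHA1, SHA256 and bcrypt as common choices, and a production system would use a salted, slow hash such as bcrypt), and contrasts a query that embeds the values in the SQL text with one that binds them through "?" placeholders. The function names and the sample user are the example's own.

```python
import hashlib
import hmac
import sqlite3


def hash_password(password: str) -> str:
    """Hash the password the way the constructed user table stores it (SHA-256 hex)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_db() -> sqlite3.Connection:
    """Constructed sample data: one user whose password is stored only as a hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse"))
    )
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Values embedded directly in the SQL text.

    The database parses whatever the user typed as part of the statement, so a
    quote character in the input changes the statement itself instead of being
    treated as data. The hashed password is compared here too, which is the
    'more realistic' form the post describes.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + hash_password(password) + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with '?' placeholders: the driver binds both values as data."""
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored hash with the hash of the submitted password.
    return hmac.compare_digest(row[0], hash_password(password))


def unsafe_breaks_on_quote(conn: sqlite3.Connection) -> bool:
    """Show the failure mode of the embedded-value query.

    A legitimate username containing an apostrophe (constructed: o'brien) makes
    the concatenated statement syntactically invalid, so SQLite raises
    OperationalError instead of answering the question. The placeholder version
    simply reports 'no such user'.
    """
    try:
        login_unsafe(conn, "o'brien", "anything")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print("safe, correct credentials:", login_safe(db, "alice", "correct horse"))
    print("safe, wrong password:", login_safe(db, "alice", "wrong"))
    print("safe, username with quote:", login_safe(db, "o'brien", "anything"))
    print("unsafe query breaks on quote:", unsafe_breaks_on_quote(db))
```

The safe version fetches the stored hash by username and compares it in code rather than in the WHERE clause; this keeps the comparison constant-time and keeps the submitted password's hash out of the query text that might end up in logs, which is the visibility point the post makes about parameterized queries.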