rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: schneijo on December 14, 2007, 11:45:23 AM

Title: One time password (OTP)
Post by: schneijo on December 14, 2007, 11:45:23 AM

Is there a possibility to use one time passwords (or users)?
I think this would be a great feature

Title: Re: One time password (OTP)
Post by: rejetto on December 14, 2007, 04:10:18 PM

There's no such feature, and you are the first one asking.
Describe how you imagine it would be (by the user side).

Title: Re: One time password (OTP)
Post by: bacter on December 14, 2007, 09:51:50 PM

related to this topic: http://www.rejetto.com/forum/index.php?topic=5004.msg1027993#msg1027993 (http://www.rejetto.com/forum/index.php?topic=5004.msg1027993#msg1027993)

Title: Re: One time password (OTP)
Post by: rejetto on December 16, 2007, 04:29:14 PM

slightly related.
with OTP you have lots of passwords on the same user.

Title: Re: One time password (OTP)
Post by: schneijo on December 17, 2007, 08:14:32 AM

The steps shown in "password generating logic" would be a big effort.

But I think for an easier szenario:
1) I create a specific down/upload folder (and user account/password)
2) Then I send this information to the customer.
3) After the access at any time the password is implicit reseted

Effort for me:
- I dont have to analyse the logfiles a.s.a.p/online
- I know, that the files in the folders cannot be read/uploaded twice, or the account information cannot be used by collegues,...
- I can read/clean the folder offline(!), knowing that no one can reread/reaccess the files from outside
- After the "cleaning" of the folder it can be reused with a new password for a next customer ...

Title: Re: One time password (OTP)
Post by: jack_2000 on December 19, 2007, 01:34:43 PM

"one time passwords" can be implemented another way.
Add a TTL(time to live) for a password. If it's -1(default) it will last forever.
If it's > 0 then the timer will tick away, until it reaches 0 and then the password will be deleted.

Also ( i'm not very good with programing) can another program, on the same machine, talk to hfs and tell it what to do as if it would be yo entering the passwords from the menu?

Can it work this way?

Title: Re: One time password (OTP)
Post by: Foggy on December 19, 2007, 01:48:24 PM

That is possible by the command line, by I cant be bothered to lookup how. Just look in the wiki under command line parameters.

Title: Re: One time password (OTP)
Post by: rejetto on December 19, 2007, 04:59:05 PM

that's not what i thought you were asking.
Indeed with such name in computers there's another meaning.
http://en.wikipedia.org/wiki/One_time_password

What you are asking is not hard to make. There's a problem about how to count. Since we are not using cookies/sessions, password is actually used tens of times everytime. We may eventually count using a timeout.

Anyway, the counter would disable the account. I think this is the best action.

It's in the to-do-list now.

Title: Re: One time password (OTP)
Post by: MarkV on December 20, 2007, 01:49:49 AM

So it's in fact 'time limited accounts'. You could even say 'deactivate this account after X downloads/after Y uploads'.