undefined | Better HN

0 pointshackerboos13y ago0 comments

That's "application specific" not machine specific. I'm not sure, other than IP address, how they could tell machines apart.

0 comments

inopinatus13y ago

I don't need them to be machine specific. What I expected was that a password issued (and immediately used) for e.g. authenticating to Gmail's IMAP service is then disqualified authorisation for any other Google service.

samwillis13y ago

Could they create a fingerprint of the application logging in using the request headers and user agent and watch for a grater than n% change in that fingerprint?

Obviously a hacker could just copy the applications headers...

j / k navigate · click thread line to collapse

0 pointshackerboos13y ago0 comments

That's "application specific" not machine specific. I'm not sure, other than IP address, how they could tell machines apart.

0 comments

inopinatus13y ago

samwillis13y ago

Could they create a fingerprint of the application logging in using the request headers and user agent and watch for a grater than n% change in that fingerprint?

Obviously a hacker could just copy the applications headers...

j / k navigate · click thread line to collapse