Forum Discussion
Joe_Dunn_46490
Nimbostratus
Nov 28, 2011Insert Random Hash
Hi group
I'm wondering if anyone has any experience or direction on how one would do the following:
In an authentication scenario when a user is sending username/password for an iRule to pre-pend or append a string as a one time pad without the user's knowledge which would be used along with the username and password as authentication requirement.
Any pointers would be greatly appreciated.
5 Replies
- Hamish
Cirrocumulus
You mean to intercept the request and re-write the URI? That bit is easy... Does it HAVE to be the URI? Seems to me there's less likelyhood for leakage to the client (e.g. by getting a 404 back accidentally for some reason or other) if the string goes in a custom HTTP header (Also inserted by an iRule). - Joe_Dunn_46490
Nimbostratus
No not rewrite the URI, but modify the actual password field being transmitted to add the one time pad to the password field. Make it so the user does not know the full password to auth but does not need to know it either. - Michael_Yates
Nimbostratus
Hi John, - Joe_Dunn_46490
Nimbostratus
Hey Michael, - Michael_Yates
Nimbostratus
If that communication is using Basic Authentication (which I doubt) you could try using HTTP::password.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects