author Christian Stocker <me@chregu.tv> 2011-02-22 09:09:15 +0100
committer Christian Stocker <me@chregu.tv> 2011-02-22 09:09:15 +0100
commit 9ce3083bd8b6dd0796326523d7cce2fcbd7326e7
tree 4f9bffe3adf2a1fd20535638f79077606cad34d1
parent b878104b3d3baa121658866e510ac28aaf389929
add what's missing (and should be done in a real world implementation)
-rw-r--r-- README 10
1 files changed, 9 insertions, 1 deletions
diff --git a/README b/README
index 601f797..f726869 100644
--- a/README
+++ b/README
@@ -11,4 +11,12 @@ See example.php for how to use it.
There's a little web app showing how it works in web/, please make users.dat
writeable for the webserver, doesn't really work otherwise (it can't save the
-secret). Try to login with chregu/foobar. \ No newline at end of file
+secret). Try to login with chregu/foobar.
+
+
+What's missing in the demo:
+***
+
+* Prevent replay attacks. One token should only be used once
+* Show QR Code only when providing password again (or not at all)
+* Regenrate secret \ No newline at end of file
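
Review bot: In the last added bullet, "Regenrate secret" is misspelled and does not say when the secret should be regenerated; suggest "Regenerate secret" followed by the condition under which a real implementation should do it. The replay bullet would be more useful if it named the state that has to be kept, for example the last accepted code or time step per user, so that a repeat of the same code inside its validity window is rejected. The README also still ends without a trailing newline after this change, even though the first changed line fixes that for the old ending, so add one after the final bullet.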