
What does Tanne mean?
The name Tanne comes from the TANs used in online banking.
Where do I get Tanne?
Tanne is licensed under the GPL and can be downloaded here
Version 0.7.2
What requirements does the Tanne have?
We use the Tanne on a Linux 2.2 system with GNU Libc 2.2. It may work on newer/older systems or other Unices, but we haven't tried that yet.
Who stands behind the Tanne?
The Tanne was invented by FluxNetz GmbH for their own needs.
For questions, suggestions, criticism or other comments, please mail the address found at www.fluxnetz.de
We're looking forward to your feedback.
Why Tanne?
One drawback of HTTP is that the connection between the "surfer" and the server is established just for viewing one page and not for the entire session. This means you cannot tell whether the "surfer" who successfully logged in is still the same one viewing the next page.
Common solutions for this problem are cookies or session IDs. Both have (for us) unacceptable drawbacks. Cookies have a bad reputation and require the "surfer" to accept them. Session IDs can be hijacked by spying on the HTTP referrer or the browser history.
Another problem is storing passwords (e.g. for MySQL) in PHP scripts. Because the scripts are world-readable (so that Apache can execute them), everybody with access to your server can read the passwords from your scripts.
What concept stands behind Tanne?
login sequence:
sequence with consecutive pages:
From where does Tanne know which is the correct session?
The backend tells Tanne which commands are on a page. The Tanne creates a TID (a unique, long, random combination of numbers and letters). This TID is transmitted to the frontend in place of the command. The frontend adds the TIDs to all links on a page that are supposed to continue the session.
When the surfer clicks on one of the links, the frontend transmits the TID to the Tanne. The Tanne knows the corresponding session and which command is meant, and then sends the command to the correct backend.
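The TID lookup described above, modelled as an added example (this is not Tanne's own code). The class and function names, the session identifier and the command names are hypothetical, and expiring a page's TIDs when the next page is issued is an assumption suggested by the TAN analogy, not something this page states.

```python
import secrets


class TidTable:
    """Toy model of the TID -> (session, command) lookup; not Tanne's code."""

    def __init__(self):
        self._by_tid = {}      # TID -> (session_id, command)
        self._by_session = {}  # session_id -> TIDs valid for the current page

    def issue_page(self, session_id, commands):
        """Backend announces the commands on a page; return command -> TID."""
        # Assumption: TIDs of the previous page expire when a new page is issued.
        for old in self._by_session.pop(session_id, set()):
            self._by_tid.pop(old, None)
        mapping = {}
        for command in dict.fromkeys(commands):  # drop duplicate commands
            tid = secrets.token_hex(16)          # long, random numbers and letters
            self._by_tid[tid] = (session_id, command)
            mapping[command] = tid
        self._by_session[session_id] = set(mapping.values())
        return mapping

    def resolve(self, tid):
        """Frontend sends a TID back; return (session_id, command) or None."""
        return self._by_tid.get(tid)


def render_links(mapping, base="/app"):
    """Frontend side: a link carries only the TID, never the command itself."""
    return {cmd: f"{base}?tid={tid}" for cmd, tid in mapping.items()}


def demo():
    table = TidTable()
    # Constructed sample session and commands.
    page1 = table.issue_page("session-A", ["show_balance", "logout"])
    links = render_links(page1)
    clicked = links["show_balance"].split("tid=")[1]
    first = table.resolve(clicked)            # valid click on the current page
    page2 = table.issue_page("session-A", ["transfer", "logout"])
    replay = table.resolve(clicked)           # TID taken from the old page
    guess = table.resolve("0" * 32)           # TID that was never issued
    return first, replay, guess, page1, page2


if __name__ == "__main__":
    print(demo()[:3])
```

A TID copied from a referrer or the browser history stops resolving once the next page has been issued, and the link never reveals which command it stands for.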
What advantages does this concept offer?