Disable / Enable Sqrl Identity


Sqrirrlerin

Member
Jun 19, 2019
8
0
Hello!

I have a question about GRC's Sqrl Client: I have disabled my Sqrl identity on a server and now I want to enable it. If I leave "Website Spoofing" and "MITM interception" enabled in the client's Settings and Options, I get the message "Warning of an attempted attack" when I login. Only if I deactivate both options, I get the message that the Sqrl Client is deactivated and the Activate button is displayed. Is that supposed to be like that, that I have to disable the two checkboxes when I want to enable my Sqrl Identity? Or what could be the error on the server / client?
 

PHolder

Well-known member
May 19, 2018
1,207
202
It's my understanding that you shouldn't have to mess with the settings to achieve what you are trying to achieve. It sounds like a problem with the server, unless you have somehow disabled or interfered with the Javascript provided from the site. (The Javascript is necessary to properly enable the anti-spoofing feature.)
 

Sqrirrlerin

Member
Jun 19, 2019
8
0
Thank you very much for your answer. Yes, I have changed the Javascript. I do not use the checkForChange() method, which polls for a page update. Could it be that it needs exactly this method?
 

PHolder

Well-known member
May 19, 2018
1,207
202
It's been a long time since I looked at the Javascirpt but my memory has it that the Javascript polls the client, and this is the signal the client uses to know the "back channel" is available/established. Without the back channel, the client is without its anti-spoof protection.
 
  • Like
Reactions: ahauser