Beefy Boxes and Bandwidth Generously Provided by pair Networks Russ
Just another Perl shrine
 
PerlMonks  

Re: Paranoid about web application security

by nedals (Chaplain)
on Aug 08, 2005 at 22:53 UTC ( #482055=note: print w/ replies, xml ) Need Help??


in reply to Paranoid about web application security

Only allow reasonably secure passwords..
6 or 8 chars minium with both alpha and numeric chars.


Comment on Re: Paranoid about web application security
Re^2: Paranoid about web application security
by dragonchild (Archbishop) on Aug 15, 2005 at 17:55 UTC
    Yuck, yuck, and doubleyuck! All this means is that either
    • Everyone uses "test123" (or similarly stupid passwords)
    • They're like me and they use the same three "secure" passwords for everything
    • They write down their passwords on a sticky note and put it on their monitor
    • They put everything in a password vault and use an insecure password (like their son's name) for that.

    You cannot take the idiot out of the user, so plan accordingly. If I break into a user account, I shouldn't be able to do anything more than screw with that specific user. If I can bring down the site by grabbing a low-priv account, that's the problem. It's the user's responsability to choose and use a good password. It's your responsability to protect the other users when (not if!) they don't.

    My criteria for good software:
    1. Does it work?
    2. Can someone else come in, make a change, and be reasonably certain no bugs were introduced?
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://482055]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (13)
As of 2013-05-23 17:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best material for plates (tableware) is:









    Results (486 votes), past polls