Re^2: Paranoid about web application security


The stupid question is the question not asked
	PerlMonks

Re^2: Paranoid about web application security

by dragonchild (Archbishop)

on Aug 15, 2005 at 17:55 UTC ( [id://483926]=note: print w/replies, xml )

Need Help??

in reply to Re: Paranoid about web application security
in thread Paranoid about web application security

Yuck, yuck, and doubleyuck! All this means is that either

Everyone uses "test123" (or similarly stupid passwords)
They're like me and they use the same three "secure" passwords for everything
They write down their passwords on a sticky note and put it on their monitor
They put everything in a password vault and use an insecure password (like their son's name) for that.

You cannot take the idiot out of the user, so plan accordingly. If I break into a user account, I shouldn't be able to do anything more than screw with that specific user. If I can bring down the site by grabbing a low-priv account, that's the problem. It's the user's responsability to choose and use a good password. It's your responsability to protect the other users when (not if!) they don't.

My criteria for good software:

Does it work?
Can someone else come in, make a change, and be reasonably certain no bugs were introduced?

Comment on Re^2: Paranoid about web application security

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://483926]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others learning in the Monastery: (3)

As of 2024-04-24 18:07 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found