PerlMonks  

Re: Re: Essential CGI Security Practices

by dsheroh (Prior)
on May 17, 2002 at 18:12 UTC


in reply to Re: Essential CGI Security Practices
in thread Essential CGI Security Practices

I wouldn't go so far as to say that "Invalid login" fails to buy any security - it prevents users from trivially determining whether a username is valid or not, thus significantly increasing the search space for a brute-force attack. Not a silver bullet by any means (not even a very shiny one, really), but still enough to be significant in many cases.

(Yeah, escalating delays are good, too, but a little trickier to implement in an environment, such as CGI, where you can't reliably maintain state.)
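The two points above (one reply for every failure, and delay state that survives between CGI processes) can be combined as follows. This is an added example, not code from the post or the thread; the state path, the delay cap, the account table and the use of `sha256_hex` in place of a real salted password hash are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use SDBM_File;
use List::Util qw(min);
use Digest::SHA qw(sha256_hex);

my $STATE     = '/tmp/login_fail_demo';  # hypothetical state file shared by all requests
my $MAX_DELAY = 16;                      # assumed cap on the delay, in seconds
# Constructed account; sha256_hex stands in for a real salted password hash.
my %users = (alice => sha256_hex('correct horse'));
my $DUMMY = sha256_hex('no such user');

sub check_login {
    my ($user, $pass, $now) = @_;
    # Every CGI request is a fresh process, so the failure count lives on
    # disk and access to it is serialised with an exclusive lock.
    open my $lock, '>>', "$STATE.lock" or die "lock: $!";
    flock $lock, LOCK_EX or die "flock: $!";
    tie my %fail, 'SDBM_File', $STATE, O_RDWR | O_CREAT, 0600 or die "tie: $!";

    my $key = sha256_hex($user);         # fixed-size key whatever the input length
    my ($count, $last) = split /:/, ($fail{$key} // '0:0');
    my $wait      = $count ? min($MAX_DELAY, 2**($count - 1)) : 0;
    my $throttled = $now < $last + $wait;

    # Hash the password for unknown users too, so both cases do the same work.
    my $digest = sha256_hex($pass);
    my $ok = !$throttled && exists $users{$user}
          && $digest eq ($users{$user} // $DUMMY);

    if    ($ok)         { delete $fail{$key} }
    elsif (!$throttled) { $fail{$key} = join ':', $count + 1, $now }
    untie %fail;
    close $lock;
    # Unknown user, wrong password and throttled attempt all get the same reply.
    return $ok ? 'Welcome' : 'Invalid login';
}

# Constructed attempts: [username, password, seconds since start].
unlink "$STATE.pag", "$STATE.dir";       # start the demo from empty state
for my $try (['bob',   'guess',         0],
             ['alice', 'wrong',         0],
             ['alice', 'wrong',         1],
             ['alice', 'correct horse', 2],    # inside the 2 s delay: rejected
             ['alice', 'correct horse', 4]) {  # delay elapsed: accepted
    printf "%-6s t=%d  %s\n", $try->[0], $try->[2], check_login(@$try);
}
```

In a real CGI script the third argument would be `time()`. Counting failures per username means repeated bad attempts also slow down the legitimate owner of that name, which is the trade-off of this keying choice.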
