Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: Re: Essential CGI Security Practices

by dsheroh (Parson)
on May 17, 2002 at 18:12 UTC ( #167380=note: print w/ replies, xml ) Need Help??


in reply to Re: Essential CGI Security Practices
in thread Essential CGI Security Practices

I wouldn't go so far as to say that "Invalid login" fails to buy any security - it prevents users from trivially determining whether a username is valid or not, thus significantly increasing the search space for a brute-force attack. Not a silver bullet by any means (not even a very shiny one, really), but still enough to be significant in many cases.

(Yeah, escalating delays are good, too, but a little trickier to implement in an environment, such as CGI, where you can't reliably maintain state.)


Comment on Re: Re: Essential CGI Security Practices

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://167380]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2015-05-07 04:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    In my home, the TV remote control is ...









    Results (154 votes), past polls