Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

"which one may share across many sites"

This should never be the case, people should not reuse passwords, which isn't to say this doesn't happen, but in the modern world with the tools available there's no sane reason for this.

In the interests of security there's no reason not to run the site (or any site) over https. Awareness of security is a big issue, always has been, and the general public are being made more aware, either by changes in applications (browsers warning them) or data breaches, well publicised hardware and software vulnerabilities, network shenanigans...

Tools and services exist to make this easier for users and administrators, (e.g. lets enrcypt/https everywhere). Even this doesn't seem to be enough. As long as go as yesterday, for a couple of hours, people ignored the big https error message, logged into what looked like their myetherwallet wallet anyway, resulting in a heist:

"Victims had to click through a HTTPS error message, as the fake was using an untrusted TLS/SSL certificate. The bandits have amassed $17m in Ethereum in their own wallet over time."

Another BGP hijack. You say you don't trust the networks you use, I know people who run their own VPN servers, exclusively for their own use, and route all their traffic over this, regardless of device or where they are, and even this doesn't protect from everything, as this example shows.

When do you stop? Hardware? At the moment, realistically a 'blobless' ARM based system is likely your best bet, but it's not a realistic option for most people at the right now.

Anyway, hammers are still pretty cheap.

In reply to Re: Monastery login over http by marto
in thread Monastery login over http by bliako

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others romping around the Monastery: (11)
    As of 2019-10-21 13:50 GMT
    Find Nodes?
      Voting Booth?