Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

"which one may share across many sites"

This should never be the case, people should not reuse passwords, which isn't to say this doesn't happen, but in the modern world with the tools available there's no sane reason for this.

In the interests of security there's no reason not to run the site (or any site) over https. Awareness of security is a big issue, always has been, and the general public are being made more aware, either by changes in applications (browsers warning them) or data breaches, well publicised hardware and software vulnerabilities, network shenanigans...

Tools and services exist to make this easier for users and administrators, (e.g. lets enrcypt/https everywhere). Even this doesn't seem to be enough. As long as go as yesterday, for a couple of hours, people ignored the big https error message, logged into what looked like their myetherwallet wallet anyway, resulting in a heist:

"Victims had to click through a HTTPS error message, as the fake MyEtherWallet.com was using an untrusted TLS/SSL certificate. The bandits have amassed $17m in Ethereum in their own wallet over time."

Another BGP hijack. You say you don't trust the networks you use, I know people who run their own VPN servers, exclusively for their own use, and route all their traffic over this, regardless of device or where they are, and even this doesn't protect from everything, as this example shows.

When do you stop? Hardware? At the moment, realistically a 'blobless' ARM based system is likely your best bet, but it's not a realistic option for most people at the right now.

Anyway, hammers are still pretty cheap.


In reply to Re: Monastery login over http by marto
in thread Monastery login over http by bliako

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others rifling through the Monastery: (6)
As of 2024-03-28 19:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found