Re: passwords in Perl

2015-10-27 Thread shawn wilson
On Tue, Oct 27, 2015 at 8:19 PM, Kent Fredric wrote: > On 28 October 2015 at 06:26, shawn wilson wrote: >> time*tries*exp is probably more like what you want, and do it before >> you print the error, but yeah > > > Just make sure the backoff can't be exploited by malicious users to > lock out leg

Re: passwords in Perl

2015-10-27 Thread Kent Fredric
On 28 October 2015 at 06:26, shawn wilson wrote: > time*tries*exp is probably more like what you want, and do it before > you print the error, but yeah Just make sure the backoff can't be exploited by malicious users to lock out legitimate users by bombing the login system with failed attempts.

Re: passwords in Perl

2015-10-27 Thread shawn wilson
On Tue, Oct 27, 2015 at 1:15 PM, Shawn H Corey wrote: > On Tue, 27 Oct 2015 12:25:38 -0400 > shawn wilson wrote: > >> Oh, and this is one place where you *don't* give lots of details of >> what went wrong. Don't say "invalid user", don't say "bad password", >> say "Bad username or password". and

Re: passwords in Perl

2015-10-27 Thread Shawn H Corey
On Tue, 27 Oct 2015 12:25:38 -0400 shawn wilson wrote: > Oh, and this is one place where you *don't* give lots of details of > what went wrong. Don't say "invalid user", don't say "bad password", > say "Bad username or password". and exit 1 if your failure is at a cli > - that's it Print the err

Re: passwords in Perl

2015-10-27 Thread shawn wilson
Oh, and this is one place where you *don't* give lots of details of what went wrong. Don't say "invalid user", don't say "bad password", say "Bad username or password". and exit 1 if your failure is at a cli - that's it On Tue, Oct 27, 2015 at 3:36 AM, Kent Fredric wrote: > On 27 October 2015 at

Re: passwords in Perl

2015-10-27 Thread Kent Fredric
On 27 October 2015 at 20:25, shawn wilson wrote: > do to manage policies and prevent users from using weak passwords and > emulate them. And if you want some examples on how *NOT* to restrict passwords, this site catalogues a lot of embarrasing failures. http://password-shaming.tumblr.com/ And

Re: passwords in Perl

2015-10-27 Thread shawn wilson
On Oct 27, 2015 1:45 AM, "Paul.G" wrote: > > Just wondering, what are peoples thoughts on using password authentication in perl. What tools do people use to secure the password or do you just restrict access to the script file so the password cannot be viewed etc. > Don't store plain text passwo