This is a pretty teachable article which is somewhat related to login
pages and secure content (just made me think of this discussion when I
saw it so figured I'd share - also is about Slack which lots of y'all
probably use):
https://www.ibuildings.nl/blog/2015/11/hidden-plain-sight-brute-forcing-s
On Tue, Oct 27, 2015 at 8:19 PM, Kent Fredric wrote:
> On 28 October 2015 at 06:26, shawn wilson wrote:
>> time*tries*exp is probably more like what you want, and do it before
>> you print the error, but yeah
>
>
> Just make sure the backoff can't be exploited by malicious users to
> lock out leg
On 28 October 2015 at 06:26, shawn wilson wrote:
> time*tries*exp is probably more like what you want, and do it before
> you print the error, but yeah
Just make sure the backoff can't be exploited by malicious users to
lock out legitimate users by bombing the login system with failed
attempts.
On Tue, Oct 27, 2015 at 1:15 PM, Shawn H Corey wrote:
> On Tue, 27 Oct 2015 12:25:38 -0400
> shawn wilson wrote:
>
>> Oh, and this is one place where you *don't* give lots of details of
>> what went wrong. Don't say "invalid user", don't say "bad password",
>> say "Bad username or password". and
On Tue, 27 Oct 2015 12:25:38 -0400
shawn wilson wrote:
> Oh, and this is one place where you *don't* give lots of details of
> what went wrong. Don't say "invalid user", don't say "bad password",
> say "Bad username or password". and exit 1 if your failure is at a cli
> - that's it
Print the err
Oh, and this is one place where you *don't* give lots of details of
what went wrong. Don't say "invalid user", don't say "bad password",
say "Bad username or password". and exit 1 if your failure is at a cli
- that's it
On Tue, Oct 27, 2015 at 3:36 AM, Kent Fredric wrote:
> On 27 October 2015 at
On 27 October 2015 at 20:25, shawn wilson wrote:
> do to manage policies and prevent users from using weak passwords and
> emulate them.
And if you want some examples on how *NOT* to restrict passwords, this
site catalogues a lot of embarrassing failures.
http://password-shaming.tumblr.com/
And
On Oct 27, 2015 1:45 AM, "Paul.G" wrote:
>
> Just wondering, what are people's thoughts on using password
> authentication in perl. What tools do people use to secure the password or
> do you just restrict access to the script file so the password cannot be
> viewed etc.
>
Don't store plain text passwo
Hello
Just wondering, what are people's thoughts on using password authentication in
perl. What tools do people use to secure the password or do you just restrict
access to the script file so the password cannot be viewed etc.
cheers
Paul
JupiterHost.Net [JN], on Tuesday, May 03, 2005 at 17:31 (-0500) made
these points:
JN> Thanks for the input John! Any other opinions and points anyone?
In my point of view MD5 is OK, but I prefer "newer" hash algos, for
example SHA1
--
How do you protect mail on web? I use http://www.2pu.net
[
if(crypt($mypass, $crypted_original_pass) eq $crypted_original_pass) {
...
vs.
use Digest::MD5 qw(md5_hex);
...
if(md5_hex($mypass) eq $md5_hex_of_original_pass) {
...
If you use short/easy to guess passwords, such as words found in a
dictionary,
then the hash you use is irrelevant. If you use g
JupiterHost.Net wrote:
Hello list,
Hello,
I'm working on a script that manages passwords in a database.
Does anyone see any benefits/downfalls [in]securities of using crypt()
vs. an MD5 sum via Digest::MD5?
Like so:
if(crypt($mypass, $crypted_original_pass) eq $crypted_original_pass) {
...
vs.
us
Hello list,
I'm working on a script that manages passwords in a database.
Does anyone see any benefits/downfalls [in]securities of using crypt()
vs. an MD5 sum via Digest::MD5?
Like so:
if(crypt($mypass, $crypted_original_pass) eq $crypted_original_pass) {
...
vs.
use Digest::MD5 qw(md5_hex);
...