Excerpt from the assignment given as part of the "server-side programming" module:

If the username and password are not correct, open a window, displaying “The login failed!”. Also display whether username or password is incorrect.

To all non-programmers on my friends list: can you figure out why this would be a bad and wrong thing to do?   8^]


From: xenophanean.livejournal.com


Tells the security hacker if he's got one thing right. Particularly bad if he's found a good password, as then he only needs to know all the usernames to gain access. As many passwords are kinda common, names, satan666 etc, not hard to do.

(not a programmer)

From: spudtater.livejournal.com


Bingo. Try a whole load of potential passwords, and end up with N valid ones. Then try a whole load of usernames, and end up with M valid ones. Then you only have to try NxM combinations of the two lists, with a fairly good probability of hitting a good combination.

Btw, somebody investigating myspace passwords found that the most common password was... wait for it... "password".   8^)
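
Added example, not part of the original post or its comments: a login check written the way the assignment asks, beside one that returns the same failure message whichever field was wrong. The user store, function names, sample password and iteration count are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample user store: username -> (salt, password hash)
USERS = {"alice": make_record("correct horse battery staple")}

# Dummy record, so an unknown username costs the same hashing work as a
# known one and response time does not reveal which names exist.
DUMMY_SALT, DUMMY_HASH = make_record("dummy-password-never-used")

GENERIC_FAILURE = "The login failed!"


def login_verbose(username: str, password: str) -> str:
    """What the assignment asks for: the message says which field was wrong."""
    if username not in USERS:
        return "The login failed! Username is incorrect."
    salt, stored = USERS[username]
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return "The login failed! Password is incorrect."
    return "Welcome!"


def login_uniform(username: str, password: str) -> str:
    """One failure message, and the same work done, for every failed attempt."""
    salt, stored = USERS.get(username, (DUMMY_SALT, DUMMY_HASH))
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    # Require a real account as well as a match, so the dummy record
    # can never be logged in to.
    if username in USERS and matches:
        return "Welcome!"
    return GENERIC_FAILURE
```

With `login_verbose`, a wrong guess against `alice` and a wrong guess against a non-existent name produce different messages; with `login_uniform` the two are indistinguishable.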
