Excerpt from the assignment given as part of the "server-side programming" module:

If the username and password are not correct, open a window, displaying “The login failed!”. Also display whether username or password is incorrect.

To all non-programmers on my friends list: can you figure out why this would be a bad and wrong thing to do?   8^]


From: mr-purpleduck.livejournal.com


... Also be careful of giving these details away with the amount of time it takes to respond if the username or password is incorrect.

From: spudtater.livejournal.com


This is over t'internet, so I imagine this information will be lost in the noise anyway...

From: mr-purpleduck.livejournal.com


That really depends; the following issue in OpenSSH with PAM enabled did just that. A valid user account would take longer to be rejected than an invalid one.

http://lab.mediaservice.net/advisory/2003-01-openssh.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190
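
The two leaks discussed in this thread (a failure message that says which field was wrong, and a response time that differs for valid accounts) can both be avoided in one login check. The following is an added example, not part of the original post or its comments; the user store, the names and the PBKDF2 parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return a (salt, hash) pair for storage."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample user store: username -> (salt, password hash).
USERS = {"alice": make_record("correct horse")}

# Record verified when the username is unknown, so that path performs
# the same hashing work as a lookup that found a real account.
DUMMY_RECORD = make_record("placeholder")

GENERIC_FAILURE = "The login failed!"


def login(username: str, password: str) -> tuple[bool, str]:
    """Check credentials without revealing which part was wrong."""
    record = USERS.get(username)
    salt, stored = record if record is not None else DUMMY_RECORD
    candidate = hash_password(password, salt)
    # Constant-time comparison, evaluated on both paths.
    matches = hmac.compare_digest(candidate, stored)
    if record is not None and matches:
        return True, "Welcome"
    # One message for every failure cause: no hint about username vs password.
    return False, GENERIC_FAILURE
```
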