Re: Re: Essential CGI Security Practices


There's more than one way to do things
	PerlMonks

Re: Re: Essential CGI Security Practices

by dsheroh (Monsignor)

on May 17, 2002 at 18:12 UTC ( [id://167380]=note: print w/replies, xml )

Need Help??

in reply to Re: Essential CGI Security Practices
in thread Essential CGI Security Practices

I wouldn't go so far as to say that "Invalid login" fails to buy any security - it prevents users from trivially determining whether a username is valid or not, thus significantly increasing the search space for a brute-force attack. Not a silver bullet by any means (not even a very shiny one, really), but still enough to be significant in many cases.

(Yeah, escalating delays are good, too, but a little trickier to implement in an environment, such as CGI, where you can't reliably maintain state.)

Comment on Re: Re: Essential CGI Security Practices

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://167380]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others learning in the Monastery: (7)

As of 2024-04-24 10:19 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found