Re: Security of website code editor?

Replies are listed 'Best First'.
Re^2: Security of website code editor? by stonecolddevin (Parson) on Sep 03, 2006 at 19:25 UTC
Most likely nothing, and i believe I even have an SSL option. However, we all know passwords can be cracked, and this being my first production site (http://www.timorperfectus.com), I don't really wanna mess anything up. meh.	[reply]
Re^3: Security of website code editor? by CountZero (Bishop) on Sep 03, 2006 at 19:43 UTC
SSL is certainly a good option: otherwise your passwords travel the internet in plain sight of all to see. You can add to the security by only allowing connections from trusted IP-sources; allow passwords only a limited lifetime; have different levels of access; ... CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law	[reply]
Re^4: Security of website code editor? by stonecolddevin (Parson) on Sep 03, 2006 at 19:49 UTC
Good ideas, i have a problem with trusted IPs though, because I can guarantee not all the priveleged users are going to have static IPs (unless I'm missing something, in which case you don't have to have a static IP to be able to authorize via IP...). I know CGI::Session has an IP flag that checks for a change in IP during the session which would definitely be nice. And by limiting password life, would you suggest emailing the priveleged user a new generated password every...week or so? something like that? or something even more often or secure? meh.	[reply]
Re^5: Security of website code editor? by CountZero (Bishop) on Sep 03, 2006 at 19:55 UTC
Re^6: Security of website code editor? by stonecolddevin (Parson) on Sep 03, 2006 at 19:59 UTC
Some notes below your chosen depth have not been shown here