in reply to Re^3: Security of website code editor?
in thread Security of website code editor?

Good ideas, I have a problem with trusted IPs though, because I can guarantee not all the privileged users are going to have static IPs (unless I'm missing something, in which case you don't have to have a static IP to be able to authorize via IP...). I know CGI::Session has an IP flag that checks for a change in IP during the session which would definitely be nice.

And by limiting password life, would you suggest emailing the privileged user a new generated password every...week or so? Something like that? Or something even more often or secure?

meh.

Re^5: Security of website code editor?
by CountZero (Bishop) on Sep 03, 2006 at 19:55 UTC
    E-mailing the user his new password is probably the most unsecure way of doing it, unless you encrypt the e-mail.

    I was thinking of forcing the user to choose a new password every so often. Usually it is done right after logging in and before the user is allowed further access (otherwise, they tend to "forget" to change the password later).

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

      Ah, I didn't even think of that.

      So have them log in, then force them to choose a new password, and as an additional security precaution, maybe have them enter their current password along with their new one? (much like when changing your password on here, I believe)

      meh.
        Yes, something like that would be good.

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
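
The flow the thread settles on (log in, force a new password before any further access, re-enter the current password on the change form), sketched in Perl as an added example; it is not code from any poster in the thread. The 30-day lifetime, the iteration count, the hash-based user record and all sub names are assumptions, and it reads /dev/urandom, so it expects a Unix-like host.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256);       # core module
use constant MAX_AGE => 30 * 86_400;   # assumed policy: password expires after 30 days
use constant ROUNDS  => 100_000;       # assumed PBKDF2 iteration count
# PBKDF2-HMAC-SHA256, first 32-byte block only, built on core Digest::SHA.
sub pbkdf2 {
    my ($pw, $salt) = @_;
    my $u   = hmac_sha256($salt . pack('N', 1), $pw);
    my $out = $u;
    for (2 .. ROUNDS) { $u = hmac_sha256($u, $pw); $out ^= $u }
    return $out;
}

sub set_password {    # fresh random salt on every change
    my ($user, $pw, $now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, $user->{salt}, 16) == 16 or die "short read from urandom";
    @$user{qw(hash changed_at)} = (pbkdf2($pw, $user->{salt}), $now);
}

sub check_password {  # compares every byte, no early exit on the first mismatch
    my ($user, $pw) = @_;
    my $diff = 0;
    $diff |= ord($_) for split //, pbkdf2($pw, $user->{salt}) ^ $user->{hash};
    return $diff == 0;
}

# Login gate: an expired password still authenticates, but only unlocks the change form.
sub login {
    my ($user, $pw, $now) = @_;
    return 'denied' unless check_password($user, $pw);
    return $now - $user->{changed_at} >= MAX_AGE ? 'change_required' : 'ok';
}

# Change form: the current password is re-entered even though a session already exists.
sub change_password {
    my ($user, $current, $new, $now) = @_;
    return 'wrong current password'   unless check_password($user, $current);
    return 'new password must differ' if $new eq $current;
    set_password($user, $new, $now);
    return 'changed';
}

# Constructed sample account whose password was last set 31 days ago.
my %user; my $now = time;
set_password(\%user, 'old correct horse', $now - 31 * 86_400);
print login(\%user, 'old correct horse', $now), "\n";
print change_password(\%user, 'guess', 'new battery staple', $now), "\n";
print change_password(\%user, 'old correct horse', 'new battery staple', $now), "\n";
```

In a CGI application the `change_required` result would be stored in the session so that every other handler redirects to the change form until `change_password` returns `changed`.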