in reply to Re: Why do you have to worry about Brute Force Attacks?
in thread Why do you have to worry about Brute Force Attacks?

The flip-side of course is making the site easy to use. Security is a balancing act between Ease-of-use and Security.

One of my favourite definitions of security: "making the right data available to the right people at the right time".

It encompasses two oft-overlooked points: first, that a system that prevents valid access can be just as bad as, or worse than, a system that grants too much access, and second, that access rights change over time. If a bank vault won't let anyone get the money, ever, it's worse than useless. A former bank teller should not retain keys to the vault after (s)he leaves the company; and a bank teller also shouldn't even be able to open the vault when not on shift.

It's an easy thing to state; and a hard thing to get right.
