Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

"If leaving an FTP directory containing 100GB of logs publicly open could be a simple mistake in setting access permissions, keeping both usernames and passwords in plaintext is much more troublesome," Dragusin blogs. "Keeping a salted cryptographic hash of the password is considered best practice, since it would mitigate exactly such an access permission mistake. Also, keeping passwords in logs is inherently insecure, especially plaintext passwords, since any employee with access to logs (for the purpose of analysis, monitoring or intrusion detection) could pose a threat to the privacy of users."

Gee, do ya think so?

1 posted on 09/27/2012 10:54:31 AM PDT by jurroppi1


To: jurroppi1

https://www.youtube.com/watch?v=a6iW-8xPw3k


2 posted on 09/27/2012 11:21:57 AM PDT by WKUHilltopper (And yet...we continue to tolerate this crap...)

To: jurroppi1

Lovely.


3 posted on 09/27/2012 11:31:16 AM PDT by EEGator

To: jurroppi1

no 30 sec session timeout? goombIEEE


4 posted on 09/27/2012 11:44:45 AM PDT by bunkerhill7 (yup-Who knew??)

To: jurroppi1

keeping both usernames and passwords in plaintext is much more troublesome," Dragusin blogs. "Keeping a salted cryptographic hash of the password is considered best practice, since it would mitigate exactly such an access permission mistake.

Who the heck uses cleartext passwords? I guess some folks are both stupid and lazy.

7 posted on 09/27/2012 1:23:38 PM PDT by zeugma (Rid the world of those savages. - Dorothy Woods, widow of a Navy Seal, AMEN!)

To: jurroppi1

Oh great. First LinkedIn and now this. Ugh.


9 posted on 09/27/2012 10:43:43 PM PDT by PA Engineer (What if the rabbit hole is endless?)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson