Security Basics mailing list archives
Re: Secure Login Form
From: "Joe Yong" <justasqlguy () gmail com>
Date: Sat, 19 Jan 2008 17:15:24 -0800
If you're going to use a database, Google "SQL Injection" and learn it well. Related to the subject is multi-layered security. Your system is at far greater risk of compromise from this than brute force or man-in-the-middle attacks. Why bother with the hard work of trying to crack strongly encrypted passwords when the intruder can instruct your database to do its bidding? If your DB is set up with anything beyond minimum required privileges on the machine it's running on (e.g. running under a high privilege account), that helps the intruder get to the rest of your network much faster. Doesn't really matter what OS or DB you're running. The same rules apply.