Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenID. The future of authentication on the web?

From: Valdis.Kletnieks () vt edu
Date: Mon, 24 Mar 2008 10:50:57 -0400
On Mon, 24 Mar 2008 09:13:38 -0000, "Petko D. Petkov" said:


Not always. I think complexity is the enemy of security. The simpler
the system is the less chance to screw up, the more secure it is. It
is much easier to secure a single port then a class B network, don't
you think?


Not always - there's a *lot* of /16's out there that the answer is simply
"airgap it and be done".  On the other hand, trying to actually secure the
traffic that wanders by on port 80 is a bitch, given all the XSS bugs and bugs
in crappy PHP applications and so on...

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: