Re: as security pro's, how do you use the web now?

[Rogan Dawes <discard () dawes za net>]

Daniel wrote:
> With more of my purchases being made on the web today, i'm always
> concerned that the site I'm using is making use of decent security
> standards.
>
> Last night i was purchasing some art on line and when it came to the
> payment section, the whole thing was iffy and didn't seem right. Even
> on the most basic input field, there was no validation being performed
> (yes i added a back tick, and even though some might find this wrong,
> i would like to know that my banking details are being handled in
> accordance with UK data protection laws)
>
> I didn't go any further and decided to phone in my order via the phone. 
>
> Does anyone else do this? 
> I know that it opens up a whole can of worms regarding acceptable
> usage of the site, and it would be interesting to see what other
> people think.
>
> Daniel

Hi Daniel,

I think that in the absence of any other means of determining the 
overall security of a site (some recently issued reputable security 
certification, perhaps), that sort of test is roughly equivalent to 
rattling your front door after you have locked it, to ensure that it 
stays locked.

While perhaps conflicting with the letter of the law, I don't think that 
it is an entirely unreasonable thing to perform one or two "peace of 
mind" tests before you hand over your details.

What I'm trying to say is that I commend you for your vigilance, even if 
I am not that vigilant myself.

Regards,

Rogan

"Back ticks" (``), however, are unlikely to reveal much about the 
security of the site. They are generally used by a Unix shell for 
command interpolation, rather than as string delimiters in a SQL 
command. Did you mean "single quotes" (''), perhaps?
--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"