PerlMonks  

Re^2: Security: balancing two conflicting password policies

by Tanktalus (Canon)
on May 13, 2005 at 00:06 UTC


in reply to Re: Security: balancing two conflicting password policies
in thread Security: balancing two conflicting password policies

It's not impossible, it's just improbable. ;-)

We've had this discussion before. And my answer was to not store passwords at all. The difficult part, of course, is that this would require changing database servers - probably just as much of a bureaucratic nightmare, if not more so, than what the OP is facing already.

This kinda reminds me of the old maxim: fast, working, cheap - pick two. Here it is: secure at the front, secure at the back, database that requires userid/password to be secure - pick two. And, like management making the first decision, management here is likely to say "All three!" as if just decreeing it changes the laws of physics.

(And here I go, revealing a bit more about my life by the assumptions that I make in my answer...)

Re^3: Security: balancing two conflicting password policies
by hakkr (Chaplain) on May 13, 2005 at 09:01 UTC

    Just store it in a hidden system file, then it's not in the application code :)

    If the user account is restricted by host IP using database privileges and only granted what it needs, the worst that happens upon password discovery is your application data gets compromised if someone gets on the box.

    If someone is on the box they can most likely get your encryption keys and code as easily as they can get the password, so the encryption won't help much.
