Your first point is unbelievably important here. That's one I only recently learned.
I was writing a client to poll a website which requires a login userid/password. It worked from the command line, and of course I foolishly supplied username/password arguments to it on the command line too - until I discovered that around 1,000 users could easily just watch my username/password combination all day long.
Ack. This one really does byte a lot of people and it's something that should be stressed more often in security FAQs.
- wil
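The leak wil describes comes from argv being visible to every local user through `ps` or `/proc/<pid>/cmdline`. The following is an added example (not wil's client and not from the original thread) showing a small self-audit that flags credential-looking argv tokens, plus the usual replacement: reading the secret from a file that must not be group/other readable. Flag names, the sample argv lists and the `hunter2` value are constructed for illustration.

```python
import os
import re
import stat
import sys

# Constructed patterns for argv tokens that usually carry a secret:
# "--password=x", "--password x", "--token=x", and user:pass@host inside URLs.
SECRET_FLAG = re.compile(
    r"^--?(?:pass(?:word|wd)?|pw|token|secret|api[-_]?key)(?:=(?P<val>.*))?$", re.I
)
URL_WITH_CREDS = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@\s]+:[^/@\s]+@", re.I)


def exposed_argv_indices(argv):
    """Return the positions in argv that appear to expose a credential.

    argv is the token list any local user can read from `ps` output or from
    /proc/<pid>/cmdline, which is world-readable on a typical Unix host.
    """
    hits = []
    for i, tok in enumerate(argv):
        if URL_WITH_CREDS.match(tok):
            hits.append(i)
            continue
        m = SECRET_FLAG.match(tok)
        if m:
            hits.append(i)
            # "--password secret": the secret is the following token.
            if m.group("val") is None and i + 1 < len(argv):
                hits.append(i + 1)
    return hits


def secret_file_is_private(mode):
    """True when a file mode grants no permission bits to group or others."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def read_secret_file(path):
    """Read a one-line secret from a file, refusing one that others can read.

    This replaces passing the secret as an argument: the file name may show
    up in `ps`, the secret itself never does.
    """
    st = os.stat(path)
    if not secret_file_is_private(st.st_mode):
        raise PermissionError(f"{path}: secret file must not be group/other readable")
    with open(path, encoding="utf-8") as fh:
        return fh.readline().rstrip("\r\n")


if __name__ == "__main__":
    # Self-audit: refuse to run at all if our own argv would leak a secret.
    if exposed_argv_indices(sys.argv[1:]):
        sys.exit("refusing to run: a credential appears on the command line")
```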