nil.enroll(aetheric_username, quantum_class_id) (adric) wrote,

I posted replies on /. tonight. Twice.

http://slashdot.org/comments.pl?sid=490740&cid=22792056 :

Nearly there.

Always treat code as hostile.

Defense in depth, capabilities, least privilege, fail closed, scrub inputs, escape everything ... I think there have been a few books written on this.

In PHP's case this fellow's slender volume is quite helpful: http://phpsecurity.org/ . And http://noscript.net/ .

g'luck!

http://slashdot.org/comments.pl?sid=490740&cid=22792204 :

I agree with your argument but none of your examples. :/

SVN's behaviour with respect to passwords is quite well documented and oft-discussed. If you have the magic bullet answer by all means please provide it in a patch.

(Hint: some OSes have secure password storage systems, but none of them use the same one. Second hint: passwords, particularly any that get sent over the wire in any form, are crap. Oh, just look here: http://subversion.tigris.org/faq.html#ssh-auth-cache )