* Peter Edwards <[EMAIL PROTECTED]> [2007-05-19 10:05]:
> The biggest security threat is actually insider fraud, so try
> and design a system that you would struggle to break yourself,
> with checks and balances including a write-only audit trail.

Finally, a statement in this thread that I can back up 100%. :-)

> Hashing the URL will make life hard for you as a developer and
> won't necessarily stop black hats.

No, but it will certainly slow them down at first and possibly
keep slowing them down later. Sometimes, slowing someone down is
all you need.

F.ex., it would be dumb to run sshd on a port other than 22,
hoping that no one finds it. But if you keep track of security
advisories, then running sshd on an unusual port may make the
difference between someone finding your sshd before or after you
had a chance to install the latest patch, thus making the
difference between your getting cracked or not.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
