Oki DZ wrote:
> 
> On Sat, 19 Aug 2000, Travis Low wrote:
> 
> > The sample login screen uses input elements named "username" and "password".
> > Oddly enough, these are phrases that bored teenagers scan for to find usernames
> > and passwords.  Could they be changed to something more obscure, such as
> > "itemnumber" and "unitcost"?  Just a thought.
> 
> What would be the problem in having "username=username" in your query
> path?

It's only a *potential* problem.  If I'm scanning the wire for
usernames/passwords, I'm going to notice (or my script will notice) the phrase
"username" and grab the next couple values from the query path to test as
passwords.

-- Travis Low  
   <mailto:[EMAIL PROTECTED]>
   <http://dawnstar.org/travis>


------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]
