Wednesday, June 29, 2005

Security on the web

There is a never-ending battle for security and against hackers/crackers/miscreants in many fields, but particularly so online. It's something we're always sensitive to - and I have spent a lot of time over the years learning about cryptography (including university courses, though I spent more time on coding theory which is actually something entirely different).

Today's example of poor security

Whilst working on the migration of a client's website today, I noticed that their gateway page, with login and password box, was even less secure than expected. It's not a critical part of the site - no-one can spend money if they get in as someone else and it's not done via a secure connection so there are always going to be attacks possible. I didn't, however, expect it to be as easy as it was to get in. The HTML source for the page included all valid username and password combinations - and validated on the spot using JavaScript!
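
The pattern described above next to a server-side check, as an added example that is not part of the original post or the client's code. The page markup, accounts, passwords and function names are all constructed for illustration.

```javascript
const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");

// Anti-pattern from the post (constructed page): every valid pair is shipped
// to the browser and compared there, so View Source reveals all of them.
const clientSidePage = `<script>
var users = { "alice": "tulip42", "bob": "hunter2" };
function check(f) { return users[f.user.value] === f.pass.value; }
</script>`;

// Review check for this constructed page: list the account names whose
// credentials are present in the page source.
function credentialsInSource(html) {
  const m = html.match(/var users = (\{[^}]*\})/);
  return m ? Object.keys(JSON.parse(m[1])) : [];
}

// Corrected page: a bare form. The decision is made on the server, and the
// POST should travel over HTTPS so the password is not sent in the clear.
const serverSidePage = `<form method="post" action="/login">
<input name="user"><input name="pass" type="password"></form>`;

// Server-side store: per-user random salt plus scrypt hash, no plaintext kept.
function makeRecord(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, 32) };
}
const store = new Map([
  ["alice", makeRecord("tulip42")], // constructed accounts
  ["bob", makeRecord("hunter2")],
]);
const dummy = makeRecord("placeholder"); // stands in for unknown usernames

// Hashes the submitted password even for unknown users and compares in
// constant time, so the response time depends less on whether a name exists.
function verifyLogin(user, password) {
  const rec = store.get(user) || dummy;
  const candidate = scryptSync(String(password), rec.salt, 32);
  const match = timingSafeEqual(candidate, rec.hash);
  return store.has(user) && match;
}

console.log(credentialsInSource(clientSidePage));
console.log(credentialsInSource(serverSidePage));
console.log(verifyLogin("alice", "tulip42"), verifyLogin("alice", "wrong"));
```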

Security resource on the web

If you're interested in security (online and offline), the writings of Bruce Schneier offer a great perspective. His monthly email newsletter in particular is well worth a read for insight into current affairs as they relate to security and his railing against insecure 'security' policies.
