Newly hired IT contractor will need remote network access, so this pilot fish uses the company’s intranet-based application to set it up for him. That includes coming up with a secret question and answer so the user can be authenticated when he calls the help desk. “But the system assumes the person filling out the request is also the one who’ll be using the access,” grumbles fish. “It asked me to come up with the question and answer, not the contractor. The result? His question is ‘Why is this an insecure process?’ and the answer is ‘Poor design.’”
Reminds me of... (Score:1)
Heh. That reminds me of a friend of mine. His company does a -- let's be kind here -- so-so job of consolidating passwords. So to be able to go through his day, he has to remember an intranet password, a shared calendar password, a Windows network password, a Unix network password, a CMS password, a CVS repository password, an IT password and a few others.
It goes without saying that some of those passwords must be changed every month or so (which shouldn't be so bad if the system wasn't beginning to nag
Re: (Score:1)
Goodness gracious. I’d just write all my passwords down and keep them in my wallet.
Re: (Score:1)
But my friend found the solution: he keeps his passwords in his wallet, and sticks his money bills to his monitor. He calls it security through surreality.