
All the Perl that's Practical to Extract and Report


Purdy (2383)
  jasonNO@SPAMpurdy.info
http://purdy.info/
AOL IM: EmeraldWarp
Yahoo! ID: jpurdy2

Bleh - not feeling creative right now. You can check me out on PerlMonks [perlmonks.org].

Journal of Purdy (2383)

Tuesday August 03, 2004
02:17 PM

Web Security

[ #20216 ]

Posting this for my own future reference as well to share the love:

Threat Classification

As a Web developer, I should know all of these classifications and make sure my applications are protected using a security scheme that fits their intended usage.

On a side note, I'm developing a "manage my account" type of thing for a paid magazine (OP Magazine, for out-of-print books) and when looking at what other magazines do for this, I'm amazed that all you need to access your account is your e-mail address. Or knowing the mailing address. See this example at Running World.

I also find it kind of interesting that when you survey different magazines' online subscription systems, they're either Time or buysub.com (which is part of CDS Fulfillment). It really amazes me how many magazines use the buysub.com application when they want to take subscription orders online.

So should I follow their footsteps? Or am I a little paranoid here? What security scheme should be done here? How do you balance the need for security against usability for the user?

I guess the worst that could be done is that someone steals an issue of a magazine by reassigning the mailing address to their own. So when we get a complaint from the victim, we could fix it and lock the account against further/online changes.

Film @ 11...

Peace,

Jason
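One concrete answer to the question above, as an added example that is not part of the journal entry: let anyone who knows the e-mail address *request* a mailing-address change, but apply it only after a single-use, expiring token sent to the mailbox on file comes back, and on a complaint restore the address and lock the account exactly as the post suggests. The subscriber record, the token store and the function names here are hypothetical, and the subscriber data is constructed for the demo.

```perl
#!/usr/bin/perl
# Added example, not code from the journal entry: confirm a sensitive account
# change out of band before applying it. All data below is constructed.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Hypothetical subscriber store keyed by e-mail address (constructed sample).
my %subscribers = (
    'reader@example.com' => { mailing_address => '12 Library Lane, Booktown', locked => 0 },
);

# Pending changes keyed by the SHA-256 of the token, so a leaked store does not leak live tokens.
my %pending;
my $TOKEN_TTL = 60 * 60;    # tokens are good for one hour

# Knowing the e-mail address lets anyone request a change, but the change is only
# recorded as pending; the token is sent to the mailbox on file, not to the requester.
sub request_address_change {
    my ($email, $new_address, $now) = @_;
    my $sub = $subscribers{$email} or return (undef, 'no such subscriber');
    return (undef, 'account locked') if $sub->{locked};

    # rand() is fine for a demo; a real deployment needs a CSPRNG (e.g. Crypt::URandom).
    my $token = join '', map { sprintf '%08x', int rand 2**32 } 1 .. 4;
    $pending{ sha256_hex($token) } = {
        email       => $email,
        new_address => $new_address,
        expires     => $now + $TOKEN_TTL,
    };
    return ($token, undef);    # caller e-mails $token to $email
}

# Only someone reading the mailbox can complete the change. Tokens are single-use and expire.
sub confirm_address_change {
    my ($token, $now) = @_;
    my $p = delete $pending{ sha256_hex($token) }
        or return (0, 'unknown or already-used token');
    return (0, 'token expired') if $now > $p->{expires};

    my $sub = $subscribers{ $p->{email} };
    return (0, 'account locked') if $sub->{locked};
    $sub->{mailing_address} = $p->{new_address};
    return (1, undef);
}

# The recovery path from the post: on a complaint, restore the address and lock
# the account against further online changes.
sub handle_complaint {
    my ($email, $known_good_address) = @_;
    my $sub = $subscribers{$email} or return 0;
    $sub->{mailing_address} = $known_good_address;
    $sub->{locked}          = 1;
    return 1;
}

sub current_address { my ($email) = @_; return $subscribers{$email}{mailing_address} }

# Walk through the attack the post worries about: an attacker who knows only the e-mail.
my $now = time;
my ($token, $err) = request_address_change('reader@example.com', '1 Thief St, Elsewhere', $now);
die $err if $err;
print "address before confirmation: ", current_address('reader@example.com'), "\n";

# The attacker never sees $token, so a guessed token is refused and the address is unchanged.
my ($ok, $why) = confirm_address_change('0' x 32, $now);
print "bogus token: ", ($ok ? 'accepted' : "rejected ($why)"), "\n";

# The real mailbox owner confirms; a replay of the same token is refused.
($ok, $why) = confirm_address_change($token, $now + 60);
print "real token: ", ($ok ? 'accepted' : "rejected ($why)"), "\n";
($ok, $why) = confirm_address_change($token, $now + 61);
print "replayed token: ", ($ok ? 'accepted' : "rejected ($why)"), "\n";

# After a complaint the account is locked and further online requests are refused outright.
handle_complaint('reader@example.com', '12 Library Lane, Booktown');
($token, $err) = request_address_change('reader@example.com', '1 Thief St, Elsewhere', $now + 120);
print "after lock: ", ($token ? 'request accepted' : "refused ($err)"), "\n";
```

The usability cost is one extra click in an e-mail, which is about what the paid-subscription case can bear; the security gain is that an e-mail address or a mailing address printed on a label is no longer enough to redirect someone's issues.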
