NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.
All the Perl that's Practical to Extract and Report
use Perl Log In
cog (4665)
cog
{cog} {at} {cpan.org}
http://jose-castro.org/
Yahoo! ID: jose_alves_castro (Add User, Send Message)
Internacional Man of Mystery.
{cog} {at} {cpan.org}
http://jose-castro.org/
Yahoo! ID: jose_alves_castro (Add User, Send Message)
Internacional Man of Mystery.
Wednesday June 08, 2005
01:32 PM
Stupid security procedures
In a Portuguese website where people create blogs, when creating one, you're asked to choose a question from a group of five and insert the answer to it (for password retrieval).
The five possible questions are:
- What's the date in which your parents married?
- What's the name of your first pet?
- What's the name of your first girl/boyfriend?
- What's the number of your driver's licence?
- What's your mother's maiden name?
First of all, this is a stupid method, because anyone can get that information.
For password retrieval, you simply have to know the person's login, see the question, find out the answer (really, it's not that hard), answer it, and bang, you can change that person's password.
Then you can login, change the profile (including the answer to the "secret" question) and probably screw that person's life...
Secondly, it also means you can't have a blog if:
- Your parents never married,
- You never had a pet,
- You never had a relationship,
- You don't drive, and
- You never met you mother
So it's not only stupid, but also discriminating O:-)
In a stupid kind of way, I know O:-)
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
--Larry Wall in stab.c from the perl source code
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
blogblogblog (Score:2)
Re: (Score:1)