GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-24 21:34:06 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

vault backup: 2022-07-29 13:43:29

Browse Source
This commit is contained in:
Jet Hughes 2022-07-29 13:43:29 +12:00
parent 7b7a456921
commit ed73da6ca6
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/notes/04-authentication-authorisation-passwords.md
View File

@ -41,4 +41,12 @@ tags:
- one is useless without the other - one is useless without the other
- many security vulnerabilities are caused by inexperienced/incompetent programmer creating systems that only have one or the other - many security vulnerabilities are caused by inexperienced/incompetent programmer creating systems that only have one or the other
- authenticaion without authorisation can lead to *path traversal* flaws - authenticaion without authorisation can lead to *path traversal* flaws
- changing the url path to find admin sites
- authorisation without authenticaion is the equivalent of blindly trusting your users. - authorisation without authenticaion is the equivalent of blindly trusting your users.
# Passwords
- not good
- lots of bad advice
- we are lazy
- "safe" passwords are difficult to enter on touch screen devies
- to many accouts