Stories
Slash Boxes
Comments

Slashcode

Slash Open Source Project

Stuff

This discussion has been archived. No new comments can be posted.

Security Paper That Mentions Slash More | Login

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

Great artical! (Score:0)

by Anonymous Coward

They actually say:
"Slash's security is weak. It is so bad that one would think it was created by Microsoft"
- Can't find that juicy quote (Score:1)
  
  by dave_aiello (52)
  
  I read the paper and I missed the quote about Slash security that the AC refers to. But, the paper does say the following:
  So assuming a user actually changes his or her password, Slash 2.0 actually does a decent job of obfuscating it in a cookie with MD5 encryption. In terms of account lock out, the Slash distribution also includes a script to aid in IP address banning for suspicious brute-force behavior.
  YMMV, I guess.
  
  --
  --
  Dave Aiello
  Chatham Township Data Corporation [ctdata.com]
  - Re:Can't find that juicy quote (Score:2)
    
    by pudge (6)
    
    The AC was lying. Imagine that. :-)
    - Re:Can't find that juicy quote (Score:1)
      
      by flikx (2176) <flikee@SPAM.xmission.com> on Wednesday November 14 2001, @12:23PM (#3673) Homepage
      
      The correct terminology is YHBT.. Imagine that. :-P
      
      (And no, that AC wasn't me.)
      
      --
      One future, two choices. Oppose them or let them destroy us.
      
      Parent

Get More Comments