Slash Boxes

Slash Open Source Project

This discussion has been archived. No new comments can be posted.
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • by Anonymous Coward on Tuesday November 13 2001, @04:43PM (#3667)

    They actually say:
    "Slash's security is weak. It is so bad that one would think it was created by Microsoft"

  • by dave_aiello (52) on Tuesday November 13 2001, @06:42PM (#3669) Homepage Journal
    I read the paper and I missed the quote about Slash security that the AC refers to. But, the paper does say the following:
    So assuming a user actually changes his or her password, Slash 2.0 actually does a decent job of obfuscating it in a cookie with MD5 encryption. In terms of account lock out, the Slash distribution also includes a script to aid in IP address banning for suspicious brute-force behavior.
    YMMV, I guess.


    Dave Aiello
    Chatham Township Data Corporation []