Test-suite for a password protected website

Joshua Goodall joshua at roughtrade.net
Sun Dec 28 19:58:39 CST 2003


On Tue, Dec 30, 2003 at 09:51:26AM +1100, leif.eriksen at hpa.com.au wrote:
> Another option that is 'somewhat' secure is to set the username and 
> password in environmental variables, if you are using an OS that 
> supports that concept, and you are testing in a way that supports 
> reading your environment.

You should only do this if you are 100% certain that "ps wwex" or
equivalent on your particular platform and all possible target
platforms does NOT provide a handy dump of the environment table
for all and sundry.

Otherwise you've just proposed a classic, almost a traditional
security blunder.

- Joshua.

-- 
Joshua Goodall                           "as modern as tomorrow afternoon"
joshua at roughtrade.net                                       - FW109
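
An added example, not part of the original thread: one way to check whether a variable set for a process can be read back from its environment table, and whether that table is restricted to its owner. It assumes a Linux-style /proc, which is where `ps e` gets the environment on Linux. `TEST_PW_MARKER`, its value and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Assumes a Linux-style /proc; on platforms without it the
# checks report "unknown". TEST_PW_MARKER is a constructed marker, not a secret.

# classify_mode MODE -> prints "owner-only", "exposed" or "unknown".
# MODE is an octal permission string such as 400 or 0444.
classify_mode() {
    case "$1" in
        ""|*[!0-7]*) echo unknown; return 0 ;;
    esac
    # Any group or other permission bit means other accounts can read it.
    if [ $(( 0$1 & 077 )) -eq 0 ]; then
        echo owner-only
    else
        echo exposed
    fi
}

# environ_mode PID -> prints the octal mode of /proc/PID/environ.
environ_mode() {
    [ -e "/proc/$1/environ" ] || return 1
    stat -c %a "/proc/$1/environ" 2>/dev/null
}

# marker_in_own_environ -> "yes" if a variable handed to a fresh process is
# readable from that process's environment table, "no" if it is not,
# "unknown" if /proc is not available.
marker_in_own_environ() {
    [ -r /proc/self/environ ] || { echo unknown; return 0; }
    if env TEST_PW_MARKER=constructed-value \
        sh -c 'tr "\000" "\n" < "/proc/$$/environ"' 2>/dev/null |
        grep -q '^TEST_PW_MARKER=constructed-value$'; then
        echo yes
    else
        echo no
    fi
}

audit_environ_exposure() {
    echo "marker readable from process table: $(marker_in_own_environ)"
    echo "permissions on own environ file: $(classify_mode "$(environ_mode $$)")"
}

audit_environ_exposure
```

An "owner-only" result still leaves the values readable by root and, normally, by other processes running as the same user.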

More information about the Melbourne-pm mailing list