Test-suite for a password protected website
Joshua Goodall
joshua at roughtrade.net
Sun Dec 28 19:58:39 CST 2003
On Tue, Dec 30, 2003 at 09:51:26AM +1100, leif.eriksen at hpa.com.au wrote:
> Another option that is 'somewhat' secure is to set the username and
> password in environmental variables, if you are using an OS that
> supports that concept, and you are testing in a way that supports
> reading your environment.
You should only do this if you are 100% certain that "ps wwex" or
equivalent on your particular platform and all possible target
platforms does NOT provide a handy dump of the environment table
for all and sundry.
Otherwise you've just proposed a classic, almost a traditional
security blunder.
- Joshua.
--
Joshua Goodall "as modern as tomorrow afternoon"
joshua at roughtrade.net - FW109
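
One way to check a platform for the exposure discussed in this message, as an added example that is not part of the original post. It assumes a Linux-style procfs where `ps e` reads each process's environment from `/proc/<pid>/environ`; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. A restrictive mode only rules out *other* unprivileged
# users; root and processes running under the same UID can still read it.

# environ_exposed FILE: succeeds if FILE is readable by group or other.
environ_exposed() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case $perms in
        ????r*|???????r*) return 0 ;;  # char 5 = group read, char 8 = other read
        *) return 1 ;;
    esac
}

# audit_proc [ROOT]: print every PID under ROOT (default /proc) whose
# environment another local user could read; fails if any is found.
audit_proc() {
    root=${1:-/proc}
    found=0
    for d in "$root"/[0-9]*; do
        [ -e "$d/environ" ] || continue
        if environ_exposed "$d/environ"; then
            echo "${d##*/}"
            found=1
        fi
    done
    return "$found"
}

# demo: constructed stand-in for /proc with one restricted and one exposed
# process, so the check can be exercised without a second user account.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/101" "$tmp/202"
    printf 'SITE_PASSWORD=constructed\000' > "$tmp/101/environ"
    printf 'SITE_PASSWORD=constructed\000' > "$tmp/202/environ"
    chmod 400 "$tmp/101/environ"   # owner-only, as Linux sets it
    chmod 444 "$tmp/202/environ"   # what an exposing platform would look like
    audit_proc "$tmp"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Run `audit_proc` with no argument on each target host before the test suite is allowed to read credentials from the environment; a non-zero exit means at least one process environment is readable beyond its owner.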