[nycphp-talk] password strength enforcement
jon baer
jonbaer at jonbaer.net
Mon Apr 12 16:39:30 EDT 2004
That is a good point, the question is *who* would be deemed the
authoritative figure when it comes to web application security? Micro$oft?
$un? I'd like to see a Security section on http://phundamentals.nyphp.org/
covering it and other topics (XSS, Passwords, Authentication, CrackLib, etc)
...
There are some called Authentication Policies that are good reads:
http://www.sans.org/resources/policies/Password_Policy.pdf
http://www.ietf.org/rfc/rfc2196.txt?Number=2196
http://www.sans.org/resources/policies/?printer=Y#primer
I'm sure some information can also be abstracted from Security+/CISSP exam
guides.
- Jon
----- Original Message -----
From: "Allen Shaw" <ashaw at iifwp.org>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, April 12, 2004 4:39 PM
Subject: Re: [nycphp-talk] password strength enforcement
> You know it seems like all this must have surely been discussed hundreds of
> times by other people, maybe even by us, before. Wouldn't this all be
> somewhat generally understood by now, and maybe even written down in some
> reliable source? I've found lots of "advice" on good password policy, but
> nothing that claimed or seemed to be vaguely authoritative. Are there just
> too many variables to generalize about, or maybe people aren't interested in
> really understanding the issue?