
Re: Good Password Choice (Was: chmod and security)

__/ [Matt Probert] on Friday 23 December 2005 18:19 \__

> On Fri, 23 Dec 2005 14:08:41 +0000, Roy Schestowitz
> <newsgroups@xxxxxxxxxxxxxxx> wrote:
> 
>> __/ [Charles Sweeney] on Friday 23 December 2005 12:37 \__
>> 
>> > Jim wrote
>> > 
>> >> I am using some php scripts that writes to different files, and the
>> >> files need a 666 chmod setting (read+write, read+write, read+write).
>> >> Are there any security issues involved in having xml or txt files on
>> >> my website chmod'ed to 666?
>> > 
>> > Unless you keep sensitive information on your server, then there's
>> > nothing that can't be fixed by a reinstall and backup.
>> 
>> If you have a piece of Web-based software, be careful. If hacked (assuming
>> it allows the user to upload files) expect this case of hijacking to put
>> the entire Web server in jeopardy. Choose good software; choose
>> hard-to-crack passwords.
>> 
> 
> Can we perhaps assist newbies by suggesting what constitutes a "hard
> to crack password"?
> 
> As an example, easy to crack passwords are ANY word found in a
> standard dictionary
> 
> More difficult passwords involve a combination of lower case and upper
> case letters and digits.
> 
> Matt
> 
> 
> --
> The Probert Encyclopaedia - Beyond Britannica
> http://www.probertencyclopaedia.com
             ^^^^^^^^^^^^^^^^^^^^^^^^

Excellent source for common passwords. Combinations of terms therein too.

I happen to deal with accounts of University staff and students. In ~70%
of the cases, they use just a combination of words. Some of the passwords
I have come across you would not believe. No matter how much you encourage
them to select something cryptic, they choose to be lazy or simply indifferent,
almost naive.

It is no wonder so many sites and machines continue to get hijacked. More
and more systems begin to force periodic password changes and introduce a
variety of rules including a dictionary lookup. Don't get me started on
the habits of writing passwords on paper notes. Set up a site without a
'fetch password using E-mail' feature and you'll have a support nightmare.

Roy
