Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Good Password Choice (Was: chmod and security)

__/ [Matt Probert] on Friday 23 December 2005 18:19 \__

> On Fri, 23 Dec 2005 14:08:41 +0000, Roy Schestowitz
> <newsgroups@xxxxxxxxxxxxxxx> wrote:
>> __/ [Charles Sweeney] on Friday 23 December 2005 12:37 \__
>> > Jim wrote
>> > 
>> >> I am using some php scripts that writes to different files, and the
>> >> files need a 666 chmod setting (read+write, read+write, read+write).
>> >> Are there any security issues involved in having xml or txt files on
>> >> my website chmod'ed to 666?
>> > 
>> > Unless you keep sensitive information on your server, then there's
>> > nothing that can't be fixed by a reinstall and backup.
>> If you have a piece of Web-based software, be careful. If hacked (assuming
>> it allows the user to upload files) expect this case of hijacking to put
>> the entire Web server in jeopardy. Choose good software; choose
>> hard-to-crack passwords.
> Can we perhaps assist newbies by suggesting what constitutes a "hard
> to crack password"?
> As an example, easy to crack passwords are ANY word found in a
> standard dictionary
> More difficult passwords involve a combination of lower case and upper
> case letters and digits.
> Matt
> --
> The Probert Encyclopaedia - Beyond Britannica
> http://www.probertencyclopaedia.com

Excellent source for common passwords. Combinations of terms therein too.

I  happen to deal with accounts of University staff and students. In  ~70%
of  the cases, they use just a combination of words. Some of the passwords
I have come across you would not believe. No matter how much you encourage
them  to select something crypic, they choose to be lazy or simply  indif-
ferent, almost naive.

It  is no wonder so many sites and machines continue to get hijacked. More
and  more  systems begin to force period password changes and introduce  a
variety  of  rules including a dictionary lookup. Don't get me started  on
the  habits  of writing passwords on paper notes. Set up a site without  a
'fetch password using E-mail' feature and you'll have a support nightmare.


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index