Risk mitigation of user name guessing is not done by obtuse error messages displayed back to the user. If you want to mitigate this risk, you need to use data.
Posts Tagged ‘ruby on rails’
Login forms are broken in ruby on rails
Posted in software security, software usability, tagged don't do this, risk management, usability, security, ruby on rails on August 14, 2009 | 10 Comments »
Philip is…
Often reading, thinking about, or doing risk management, software, economics, snowboarding, running and/or ping pong.
-
Recently
Tags
-
Recent Comments
My Work
On Twitter
- I endorse @gl33p for strategy because Preston has helped hundreds of organizations with their internet strategy. @imby 3 months ago
- Lots of people seem to have drunk the kool-aid on Pivotal Tracker. I have no idea why. I'll take Roundup any day over it. 8 months ago
- Looking forward to #lessconf and #bcjax this weekend. Hammering hard getting the todo list cleaned up. 9 months ago
- "Software teams are more likely to succeed using techniques similar to movie production, rather conventional engineering projects" (IBM) 9 months ago
- RT @KevinSwiggum: Is today code like a pirate too? List<Matey__c> = Ship.getMateys(); fer (mateys : ye) { avast(ye);} 10 months ago
