View Full Version : What does "Secure" mean ?

04-10-2008, 10:23 AM
Ok... I'm not looking for a dictionary definition here :rolleyes:

When people talk about 'Secure Servers' / 'Secure Upload'...
Does this simply mean password protected / on a remote server or
is there a web standard stating what 'secure' should mean ?

Rob :-D

04-10-2008, 02:01 PM
with an understanding of what the risks are regarding what you are trying to protect you should be able to define SECURE
you need to do a risk assessment on the information your attempting to protect
Security does not just mean password protection. By having a form which communicates to a database adds an element of insecurity

rules of thumb

when setting up an account is there a safe format for password generation by forcing hard passwords (mix alpha numerics + initial minimum length)
Passwords should be encrypted and stored as such
does your password system force a change every 30,60,90 days
everything thats entered into a form should be validated and cleansed of any illegal data. You need to escape quotes etcYou have to define your own definitions and policies to suit your application and the data within

you also need to look at apache security so you get a full understanding...

04-10-2008, 02:41 PM
Excellent answer... kind of what I thought (without the details)

I was going to shorten it to "Fit for purpose"...

Thanks DJ... I'll browse the Apache Security.


04-13-2008, 10:25 PM
I think secure certificate, https

04-14-2008, 06:07 AM
I think secure certificate, https

again i say its depending on the content and requirement and its another padlock you have at hand.

04-14-2008, 07:37 AM
does your password system force a change every 30,60,90 days
why is that david?

04-14-2008, 08:22 AM
why is that david?

I guess that once a password is found and logged it will become useless after 30 days as it will change...

04-14-2008, 09:58 AM
hm guess so, difficult to assess the risk but it seems drastic.