What does "Secure" mean ?


Rob_Che
04-10-2008, 11:23 AM
Ok... I'm not looking for a dictionary definition here :rolleyes:

When people talk about 'Secure Servers' / 'Secure Upload'...
Does this simply mean password protected / on a remote server or
is there a web standard stating what 'secure' should mean ?

Cheers
Rob :-D

davidj
04-10-2008, 03:01 PM
With an understanding of what the risks are regarding what you are trying to protect, you should be able to define SECURE.
You need to do a risk assessment on the information you're attempting to protect.
Security does not just mean password protection. Having a form which communicates with a database adds an element of insecurity.

Rules of thumb:

When setting up an account, is there a safe format for password generation by forcing hard passwords (mix alphanumerics + initial minimum length)?
Passwords should be encrypted and stored as such.
Does your password system force a change every 30, 60, 90 days?
Everything that's entered into a form should be validated and cleansed of any illegal data. You need to escape quotes etc.

You have to define your own definitions and policies to suit your application and the data within.

You also need to look at Apache security so you get a full understanding...
http://www.apachesecurity.net/
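
Added example, not part of davidj's post: a small Python registration and login flow that applies three of the rules of thumb above (a hard-password policy at account setup, passwords never stored in readable form, form input validated before it reaches the database). The policy values, table schema and function names are assumptions made for illustration; it uses salted PBKDF2 hashing as the stored form and an allowlist plus parameterized queries for input handling.

```python
import hashlib, hmac, os, re, sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")  # assumed allowlist for the name field
MIN_LENGTH = 10                                  # assumed minimum password length
ITERATIONS = 200_000                             # assumed PBKDF2 work factor

def password_ok(pw):
    """Hard-password rule: minimum length plus a mix of letters and digits."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[A-Za-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)

def derive(pw, salt):
    # One-way, salted and deliberately slow: the stored value cannot be
    # turned back into the password if the table leaks.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, name, pw):
    # Validate form input against an allowlist before it goes anywhere.
    if not USERNAME_RE.fullmatch(name):
        return "bad username"
    if not password_ok(pw):
        return "weak password"
    salt = os.urandom(16)  # fresh random salt per account
    try:
        # Placeholders keep the values out of the SQL text entirely.
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (name, salt, derive(pw, salt)))
    except sqlite3.IntegrityError:
        return "name taken"
    return "ok"

def login(db, name, pw):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of stored and recomputed hashes.
    return hmac.compare_digest(row[1], derive(pw, row[0]))
```
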

Rob_Che
04-10-2008, 03:41 PM
Excellent answer... kind of what I thought (without the details)

I was going to shorten it to "Fit for purpose"...

Thanks DJ... I'll browse the Apache Security.

Rob

domedia
04-13-2008, 11:25 PM
I think secure certificate, https

davidj
04-14-2008, 07:07 AM
I think secure certificate, https

Again I say it's depending on the content and requirement, and it's another padlock you have at hand.

edbr
04-14-2008, 08:37 AM
Does your password system force a change every 30, 60, 90 days?
Why is that, David?

Rob_Che
04-14-2008, 09:22 AM
Why is that, David?

I guess that once a password is found and logged it will become useless after 30 days as it will change...

edbr
04-14-2008, 10:58 AM
Hm, guess so, difficult to assess the risk but it seems drastic.