[nycphp-talk] Session Thoughts
charlie derr
cderr at simons-rock.edu
Fri Oct 31 15:31:16 EST 2003
felix zaslavskiy wrote:
> On Fri, 31 Oct 2003 12:03:03 -0800 (PST)
> Chris Shiflett <shiflett at php.net> wrote:
>
>
>>--- felix zaslavskiy <felix at students.poly.edu> wrote:
>>
>>>>I think it would be better to observe the practices of places
>>>>like Amazon and Yahoo.
>>>
>>>By this you mean ssl + reask password for sensitive functions?
>>
>>That's a pretty enormous oversimplification of Amazon and Yahoo. I
>>bet they would like to know that all they had to do was use SSL and
>>ask for a password for important stuff.
>>
>
> There are no magic tricks that Amazon and Yahoo do to secure their web application, and ssl and asking for a password is really what they do at the application level. I am sure they have more advanced network security and host security, and they hired expensive consultants to audit their security, but at the end of the day what they do anyone can do.
>
I find it interesting that Yahoo's free services only offer ssl (https)
logins as an option (not even the default).
~c