In an odd effort to prevent SQL injection, some password policies refuse to allow users to use certain characters. The server-side code should be designed to allow for and escape special characters that might be used in an SQL injection attack.
I have seen at least two web applications with a maximum length of 12 characters. Increasing the maximum length of password fields allows for a higher level of entropy.
We have rules that force us to change passwords every 90 days and we're not allowed to repeat the past 15. What am I supposed to do with that when it comes to logging into a workstation… especially one that I seldom use?
What do we do about CDNs in DoD/Enterprise environments?
CompTIA markets itself as the "voice of the world's IT industry". While that is highly debatable, it's apparent the United States Government has relied upon their certifications to establish a baseline of knowledge that IT professionals working for the Government should have, contracted personnel included.
Some time ago we contracted a vendor to develop a small application for us. After multiple setbacks throughout the project, I received a phone call.