Securing Our Site

Stand on the Backs of Giants—Paranoid, Geeky Giants


Security isn’t what you came for. You probably didn’t sit down to build a web site saying to yourself, “My security model is going to blow people away!” Sadly, securing user passwords isn’t a sexy way to build your business—but who said protecting your business from disaster was going to be sexy? The real problem is that getting security right is hard. Just when you think your cute little hash and DIY cookie scheme is working, you realize there’s an attack vector that you’ve forgotten about. A quick browse through the history of cryptographic hash functions illustrates the difficulty of trying to get these things right. It doesn’t take too many smart, focused attackers to find a way for Eve, Mallory, and company to sneak into your site.



Copyright information

© Jeff Dwyer 2008
