OT: Worthwhile *security-competent* web host?
Sergey Gromov
snake.scaly at gmail.com
Mon Jan 26 17:57:28 PST 2009
Sun, 25 Jan 2009 13:51:28 -0800, Andrei Alexandrescu wrote:
> Christopher Wright wrote:
>> Andrei Alexandrescu wrote:
>>> Never ever *ever* EVER *EVER* email a password in clear. I'd say, if
>>> anyone thinks she wants to do that, she doesn't deserve a server that
>>> understands basic security concepts, even if one existed.
>>>
>>> Andrei
>>
>> This isn't terribly important if you're only considering one system that
>> does not require any significant amount of security.
>>
>> However, people reuse passwords, and sometimes they'll use the same
>> password for sensitive and non-sensitive systems.
>
> My point exactly. I do have one "insecure" password that I use e.g. with
> mailing lists, and a "secure" password. The worst that happened was that
> some webmoron has set up a system that asked me to choose a password via
> a https protocol, to then email it to me in clear... When I tried to
> casually explain the mistake of his ways, he got all combative.
All my passwords are generated, and different. When I acquire a
password for a sensitive resource I make sure to change it to generated
as soon as possible.
More information about the Digitalmars-d
mailing list