Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles. Part 4 is about some strange behavior I have seen in security groups and other insanity.
Tag Archives: software design
Web Security vs. Superstition, Part 1
Web site security is a very important issue to me. Every application, every information resource, must be built strong enough to put on the Internet, to reliably deliver information to those allowed access, and prevent delivery to those who are not. I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles. Part 1 lays down the requirements for a secure web application. Today’s post is prompted by my meeting with such a security expert.
The Login Test
This post is on the usability of authenticating to a site. Entering your username and password, what could be complicated about that? But, surprisingly, so many sites get it wrong. The “Login Test” is a measure of one specific aspect of logging in.