Bossiness
-
@sloosecannon said in Bossiness:
General security practices recommend not leaking specifics.
True, but at that point the user has verified they know the (formerly) correct password, so the leak isn't as egregious.
How does the application know that?
Well, if it gets a different response, obviously. Never done AD stuff so I have no idea if you can, but if it's possible, the UX benefit is probably worth the slight security decrease.
-
@sloosecannon said in Bossiness:
@sloosecannon said in Bossiness:
General security practices recommend not leaking specifics.
True, but at that point the user has verified they know the (formerly) correct password, so the leak isn't as egregious.
How does the application know that?
Well, if it gets a different response, obviously. Never done AD stuff so I have no idea if you can, but if it's possible, the UX benefit is probably worth the slight security decrease.
The only thing I know AD differentiates is username does not exist versus combination is incorrect.
This was back in 2010 with ColdFusion.
All current development is single sign-on.
-
@sloosecannon said in Bossiness:
@sloosecannon said in Bossiness:
General security practices recommend not leaking specifics.
True, but at that point the user has verified they know the (formerly) correct password, so the leak isn't as egregious.
How does the application know that?
Well, if it gets a different response, obviously. Never done AD stuff so I have no idea if you can, but if it's possible, the UX benefit is probably worth the slight security decrease.
The only thing I know AD differentiates is username does not exist versus combination is incorrect.
This was back in 2010 with ColdFusion.
All current development is single sign-on.
Ah. Well, yea, then... maybe suggest that the password could be expired if it's a common enough issue. But since it's from 2010..... it's all a point anyways, isn't it?
-
@sloosecannon said in Bossiness:
Well, if it gets a different response, obviously. Never done AD stuff so I have no idea if you can, but if it's possible, the UX benefit is probably worth the slight security decrease.
Depends on how it integrates. If you do an LDAP bind with the user's credentials, you get a comment that includes "data 532", which means password expired. But writing a handler that parses the response to that extent starts to become really solution-specific and fragile. So better in a lot of cases to just throw the generic message and log the full comment from the LDAP server on the back end if you need to.
-
@masonwheeler said in Bossiness:
Considering that my weekly grocery shopping--just for myself--generally comes out a bit north of $30, that doesn't seem like it's a very big advantage
What do you eat all week? Do you eat out a lot?
-
@boomzilla not that much, why?
-
@masonwheeler said in Bossiness:
@boomzilla not that much, why?
I'm worried that you're malnourished.
-
@boomzilla If you shop smart, you can feed well on surprisingly little.
-
@boomzilla people used to say that to me in high school. No, I just have a high metabolism. (Though admittedly it's slowed down a bit after 30. I've stopped eating like Pac-Man since then, so I don't put on a lot of weight.)
-
We used active directory to authenticate. I am unaware of how to determine programmatically that the password is expired.
It is a PITA and not recommended. Actually, it is actively discouraged.
@sloosecannon said in Bossiness:
True, but at that point the user has verified they know the (formerly) correct password, so the leak isn't as egregious.
Not under AD. Expiration of password is checked before password validity at the AD level. You get back a password error, regardless of what was typed.
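One defensive way to act on the "data 532" bind comment from the earlier post, while respecting the point made here that an expired-password error does not prove the typed password was correct: an added Python example, not code from anyone in the thread. It parses the AD diagnostic string into a reason that is only logged on the back end and always returns the same generic message to the user. Only the 532 sub-code comes from the thread; the other sub-codes in the table are well-known AD AcceptSecurityContext values added here, and the sample diagnostic string is constructed.

```python
import logging
import re

# Constructed sample in the shape AD returns on a failed simple bind.
# "data 532" is the password-expired sub-code mentioned in the thread.
SAMPLE_DIAGNOSTIC = ("80090308: LdapErr: DSID-0C0903A9, comment: "
                     "AcceptSecurityContext error, data 532, v1db1")

# Sub-code -> internal reason. 532 is from the thread; the rest are
# well-known AD AcceptSecurityContext sub-codes (added here, not from the thread).
AD_SUBCODES = {
    "525": "user_not_found",
    "52e": "invalid_credentials",
    "530": "logon_time_restriction",
    "531": "workstation_restriction",
    "532": "password_expired",
    "533": "account_disabled",
    "701": "account_expired",
    "773": "must_change_password",
    "775": "account_locked",
}

# The same message is returned for every failure so that the login form
# leaks nothing about which part of the credential pair was wrong.
GENERIC_MESSAGE = "The username or password you entered is incorrect."

_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")

log = logging.getLogger(__name__)


def classify_bind_error(diagnostic: str) -> str:
    """Map the 'data NNN' sub-code in an AD bind diagnostic to a reason string.

    Note: AD checks expiry before it checks the password, so "password_expired"
    does not mean the user knew the old password. Treat it as a support hint,
    never as proof of identity.
    """
    match = _DATA_RE.search(diagnostic or "")
    if not match:
        return "unknown"
    return AD_SUBCODES.get(match.group(1).lower(), "unknown")


def user_facing_response(diagnostic: str) -> str:
    """Log the specific reason server-side; hand the user only the generic text."""
    reason = classify_bind_error(diagnostic)
    log.warning("LDAP bind failed: reason=%s diagnostic=%r", reason, diagnostic)
    return GENERIC_MESSAGE
```

The logged reason lets a help desk tell a caller their password has expired without the login page ever saying so.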
-
@masonwheeler said in Bossiness:
Considering that my weekly grocery shopping--just for myself--generally comes out a bit north of $30,
Mine is always north of $50 and often north of $100 for a week's worth of food. Which is why @boomzilla was curious about you eating out a lot. $30 is hardly any food at all.
-
@dragoon *shrug* Chalk it up to good bargain hunting skills or something. Happens when you grow up in less than ideal circumstances.
-
@masonwheeler Yeah, but $30 per week is only $1.42 per meal. Which is pretty low, even being frugal. I don't doubt you, but that is why the questions about your eating habits, it just seems really low.
-
@dragoon ...huh. So it is.
I do eat out a few times a week, but not all that often. Mostly I just manage food-resources well. :P
Filed under: Math is hard, let's go shopping out for dinner!
-
@masonwheeler said in Bossiness:
I do eat out a few times a week
@masonwheeler said in Bossiness:
not all that often
I get a takeaway a couple of times a month...