davidbgk
/
larlet-fr-david
Observar 1
Favorito 0
Fork 0
Código Versões 0 Atividade
Repository with sources and generator of https://larlet.fr/david/ https://larlet.fr/david/
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
300 Commits
1 Branch
Tag: 868986e691
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 868986e691
${ noResults }
larlet-fr-david/david/stream/2018/02/28/index.md

index.md 1.3KB
Original Visão normal Histórico

Add initial content
4 anos atrás
 12345678910111213141516 
  1. title: Granted access

  2. lang: en

  3. 

  4. > You can — and should — be taking some precautions to ensure that, say, an auto-created subdomain for a user account doesn’t conflict with a pre-existing subdomain you’re actually using or that has a special meaning, or that auto-created email addresses can’t clash with important/pre-existing ones.

  5. >

  6. > But to really be careful, you should probably also just disallow certain usernames from being registered.

  7. > 

  8. > <cite>*[Let's talk about usernames](https://www.b-list.org/weblog/2018/feb/11/usernames/)* ([cache](/david/cache/f11fd87b74b7e887269b0e4f300de405/))</cite>

  9. 

  10. Let me tell you a story about that. I have the username *david* on Bitbucket. You might think it’s quite harmless and I do agree.

  11. 

  12. There is no such week for the last ten years without somebody giving me write access to a private repository. This is not intentional, it is a user experience security flaw that is really hard to spot. And still, I get access to so many critical stuff!

  13. 

  14. Even with good will, I cannot find an elegant solution to that confusion. The first year I sent an humorous email about that to each owner and then I gave up. Now imagine if I was nasty…

  15. 

  16. My point is: even with a strong password — two-factors authentication or whatever — when the user interface is confusing social hacking is made incredibly simple.