On Wed, 21 Nov 2007 07:51:30 +0800, Eduardo Tongson said: > I wonder why we don't see web applications use secure cookie recipes > like [1] and [2]. There are also existing secure password hashing > frameworks such as Solar's [3]. Are developers just unaware of these > secure schemes?. Browse the worsethanfailure.com website for a while, and you'll convince yourself that the average developer thinks that booleans are trinary-state. ;)
Attachment:
pgplJtdoXn6JS.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/