[nycphp-talk] Session Thoughts
felix zaslavskiy
felix at students.poly.edu
Fri Oct 31 15:10:46 EST 2003
On Fri, 31 Oct 2003 12:03:03 -0800 (PST)
Chris Shiflett <shiflett at php.net> wrote:
> --- felix zaslavskiy <felix at students.poly.edu> wrote:
> > > I think it would be better to observe the practices of places
> > > like Amazon and Yahoo.
> >
> > By this you mean ssl + reask password for sensitive functions?
>
> That's a pretty enormous oversimplification of Amazon and Yahoo. I
> bet they would like to know that all they had to do was use SSL and
> ask for a password for important stuff.
>
There is no magic tricks that Amazon and Yahoo to do to secure their webapplication and ssl and ask for a password is really what they do at the application level. I am sure they have more advanced network security and host security and they hired expensive consultants to audit their security but at the end of the day what they do anyone can do.
> Being serious, there is a lot more to designing and securing Web
> applications than that.
>
> Chris
>
> =====
> My Blog
> http://shiflett.org/
> HTTP Developer's Handbook
> http://httphandbook.org/
> RAMP Training Courses
> http://www.nyphp.org/ramp
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
More information about the talk
mailing list