Of Salts and Hashes

March 5, 2010

Managing passwords for a web site or web application has always been an area where developers have taken liberties with varying degrees of success. Sometimes what might seem like a convenience to the user can create a series of unnecessary security risks. Let’s take the example of a web site that has a ‘forgot your password’ feature that sends an e-mail containing the forgotten password. The obvious risk is that the password is now being communicated through an insecure medium (e-mail) and could potentially be read by someone other than the intended user. However, there’s a bigger and much more urgent issue: the site owner and/or administrator should not have access to said password under any circumstance. If the credentials were ever misused, anyone with access to them would immediately be suspect.


Why Some PHP Folks Hate Wordpress

February 24, 2010

I love Wordpress. I said it; that wasn’t too hard, was it? Well, it wasn’t hard because I’m sitting all by myself, but the times I uttered those words in the company of PHP developers I ended up in a long, drawn-out discussion full of sentiment and little substance.

I’ve heard many arguments for why some PHP folks don’t like Wordpress, and I’ve heard counter-arguments to those reasons, but I never quite got to the essence of why Wordpress doesn’t get the respect it deserves from a large part of the PHP community.
