On Thu, 29 Jan 2004 09:15:28 -0500 Blaine Simpson <blaine.simpson@???> wrote:
> Any web server or app server I've ever used (about 25) has source ip and
> many methods of username/password restrictions, all of which have been
> tested in thousands of production, commercial environments. All of the largest
> IT companies in the world depend on this security. These mechanisms are
> proven by a user base much larger than Exim has ever had.

oh come now. i from time to time do security audits of web applications
for customers, and time and time again i've found systems in production
with some real howlers in them.

just because it's deployed doesn't mean it's secure.

one which is well known (_not_ one that i found) is the session id problem
with the verizon wireless web site.

geez,
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security