What can be done to improve IT security and encryption?

Pic related

Attached: javascript intranet.jpg (707x711, 89K)

Destroy everything.

remove ethernet plug, physically remove any wifi/radio component, live in bunker

Let the right wing death squad give public hangings to college staff
Each one of them failed their students. Not as in giving them bad grades, but giving them a bad education

Make the devs as responsible for any breaches as engineers are responsible when a bridge collapses.

THIS.

is this bad code??

Thus ending the debate: what's better, Jow Forums or reddit. Redditors are just smarter it seems.

the code itself, not really, but from a security standpoint it's like watching the Hindenburg crash

>intranet
who cares

for once i agree

It's terrible. I'm not an expert but I see:

>Unencrypted passwords
>The entire user database retrieved and read on the client JS
>Entire login logic done on the client
>Logged in basically just means a client-side cookie "loggedin" = "yes"
>"true" === "true"
I.e. you can easily "log in" even without a user/pass by opening the Chrome Dev Tools and typing on the console $.cookie('loggedin', 'yes');

...

Obviously. Visit Jow Forumsprogramming and compare it with /dpt/.

>$.cookie('loggedin', 'yes');
>$
webshits get out reeee

don't understand much about security, but it looks like he's comparing the plaintext passwords instead of the hashes.
Besides that:
>querying all the users from the database
>throwing them in a sort of list
>linearly searching the list
why not just query the user itself in the first place?
>if ("true"=="true") {return false;}

I'm not good at JS, but does this really iterate through all 1500 users every time one of them tries to log in?

Wouldn't that collapse the IT service market?
You would need to constantly train programmers in the newest hacking methods. Just imagine the time and money needed for just that.

Also, bridge construction engineers don't need to account for concentrated and determined human effort in destruction. Otherwise they would need to design a bridge resistant to bombs and artillery and update the design every time a new bunker buster is devised.

It would improve everything. No garbage apps because everyone except the properly trained people are afraid of responsibility. Users feel more confident because they are not liable in case of breaches etc.
Of course to prevent a complete collapse the penalties should be proportional to number of users. Small websites pay a 500$ fine, Facebook pays several billion.

if ("true"==="true"){
return false;
}
I-i can't even...

Yes. It also appears to be sending raw SQL for the server to execute, meaning that it's vulnerable to injection attacks

So it's insecure in multiple ways AND has shit performance?
WTF, I love JS now…

So many questions

it's awful and stupid even leaving aside the plain text passwords fuck off larper

nobody has explained the non retarded way of doing this yet?

examples in JS and Non-JS go on....

Do DB queries on the server, not the client.

Engineers aren't held liable for intentional damage, which is what we're actually talking about here.

This isn't even an injection attack. You can just send it the SQL query you want run, e.g. "DROP TABLE users"
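
A server-side version of the login discussed in this thread, as an added example that is not part of any post: the client sends only a username and password (never SQL), the server looks up that one user, compares a salted scrypt hash, and issues a random session token instead of trusting a "loggedin" cookie. The in-memory `users` and `sessions` maps, the function names and the sample account are assumptions standing in for a real database and session store.

```javascript
// Added example: login logic that runs on the server (Node.js), never in the browser.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Constructed stand-in for the users table: username -> { salt, hash }.
// A real server would fetch one row with a parameterized query
// (e.g. "SELECT salt, hash FROM users WHERE name = ?") instead of
// shipping every user to the client or accepting SQL text from it.
const users = new Map();
const sessions = new Map(); // session token -> username, kept only on the server

function hashPassword(password, salt) {
  return scryptSync(password, salt, 32); // salted, slow hash; no plaintext stored
}

function register(username, password) {
  const salt = randomBytes(16);
  users.set(username, { salt, hash: hashPassword(password, salt) });
}

// Dummy record so an unknown username costs the same work as a known one.
const dummySalt = randomBytes(16);
const dummy = { salt: dummySalt, hash: hashPassword('x', dummySalt) };

// Returns a fresh session token on success, null on any failure.
function login(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return null;
  const found = users.get(username);
  const rec = found || dummy;
  const candidate = hashPassword(password, rec.salt);
  const ok = timingSafeEqual(candidate, rec.hash) && found !== undefined;
  if (!ok) return null;
  const token = randomBytes(32).toString('hex'); // unguessable, unlike "loggedin=yes"
  sessions.set(token, username);
  return token;
}

// Every protected request is checked against the server-side session map.
function whoAmI(token) {
  if (typeof token !== 'string') return null;
  return sessions.get(token) ?? null;
}

register('alice', 'correct horse battery staple'); // constructed sample account
```

In a real deployment the token would be sent as an HttpOnly, Secure cookie, so setting a cookie by hand in the browser console gains nothing unless the value matches a session the server issued.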