Changes between Version 1 and Version 2 of TracSecurityOverview
Timestamp: 2010-01-09T16:58:41Z
TracSecurityOverview
v1 v2 6 6 == Recommendations == 7 7 8 * Don't use a password which you use elsewhere. (See: Twitter incident) [FIXME: Find ref.]8 * Don't use a password which you use elsewhere. (See: [http://testgrid.allmydata.org:3567/file/URI:CHK:nm72blax6oqt3fui3dnrhahszq:wcpjaneyqzf4bw752izfey44abql6ywync2vweejsmnohyiwkkia:3:10:275196/@@named=/the-anatomy-of-the-twitter-attack.html Twitter incident]) (the short story is that there were no technical security flaws, but users used the same creds on an "unimportant" service as well as a different critical service, so the attacker could escalate the attack across services.) 9 9 * Don't expect the ticket database to be non-corrupt or reliable or persistent. 10 10 * Backup the ticket database and wiki pages regularly! Use snapshots so corruption does not overwrite correct data. … … 26 26 * Search for existing Trac security references. 27 27 * Verify that plaintext passwords are stored. 28 * Find Twitter incident ref (the short story is that there were no technical security flaws, but users used the same creds on an "unimportant" service as well as a different critical service, so the attacker could escalate the attack across services.)
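Review bot: the replacement for the FIXME at line 8 resolves the missing reference by linking the Twitter incident write-up through a URI:CHK capability on testgrid.allmydata.org:3567, a test-grid host reached over plain HTTP, which is neither a stable nor an authoritative location for a source that a security recommendation relies on; cite the original article or an archived copy as the primary reference and keep the grid link at most as a mirror. The parenthetical added to the same bullet is the right place for the explanation, since it states the actual lesson (the same credentials on an "unimportant" service and on a critical one let the attacker escalate across services) rather than only naming the incident; consider wording the bullet itself as "Don't reuse a password across services" so that the rule and its explanation use the same terms.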