Web lists-archives.com

Re: Password policy.




It may be that the Debian team is more in tune with their users. I’ve caught hell trying to convince old timers that their password of mark1 was incredibly horrible. People even tried to get me fired over my “strict” password policy.

Sent from my iPhone

> On Nov 14, 2018, at 7:28 PM, Andrew McGlashan <andrew.mcglashan@xxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> 
> 
>> On 14/11/18 10:25 pm, Corey Manshack wrote:
>> So using the file uploader tool we can inject many more dangerous scripts and codes to gain higher access than just “reading” /etc/shadow if the uploader tool is running as privileged user or we gained privilege escalation another way.
> 
> Sure, I never said it was a good example...
> 
> In any case, weak passwords as per the "recommendation" are surprising
> to say the least.
> 
> A.
>