On Sat, Jan 31, 2015 at 1:37 AM, Matt Oliveri <[email protected]> wrote:
> How did you conclude that contributors and participants need such
> strong authentication? Are brute force attacks really effective
> against random-looking passwords? I would've thought that amount of
> attempted logins would swamp the server anyway. And even if they get a
> contributor login, they can't make any changes that the administrator
> (you) can't reverse, right?

Matt, Valerio: I want to thank the two of you for raising questions and challenges. It made me look harder at TOTP, and I'm no longer convinced that it's all that helpful.

The threat that I'm worried about here is basically the threat of having my time wasted. Public-facing CMS systems are an attractive nuisance for people who like to deface things. Deleting one or two bits of nastiness and banning a user isn't too time consuming. Above a certain threshold, though, my solution is probably going to be "disable that user and restore the whole site from backup", simply because I don't have time to examine everything that may have been done. Maybe there's a better way, and I'm very open to suggestions. Especially if it turns out that there's a good auditing tool available for Drupal. Does anybody know of one?

Drupal ends up with about 6 or 7 critical vulnerabilities a year. If we can get people to avoid using weak passwords, those may turn out to be the more frequent concern.

On a more serious note, some of the things we're trying to produce as a community are normative reference documents for security-critical software. We shouldn't neglect the possibility of a *professional* attacker injecting vulnerability by making subtle changes to our specifications. It's happened before. *That* is the main reason I want to have a distinction between community members in general and active contributors. It's not a matter of distrust. It's a matter of having fewer accounts that have enough authority to change normative things.

So with that said, I'm going to back down on TFA, and merely ask "contributors" to promise to use strong passwords.

shap
_______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
