Yeah, I will agree with that. I'm two minds of this apparently. It's one thing if a simple forum has my username/password stolen, quite something different if my SSN was stolen.
My co-worker gave the argument that if a username/password can be traced back to you and additional information can be gleamed and they can figure out your bank and manage to log in because your username/password was the same, then it's the original site that lost the data fault. My counterpoint was, If I let you borrow my car and I happened to give you my entire keyring instead of just giving you the keys to the car, was it your fault or mine when you got mugged and the keys (password) were taken from you (by a hacker) my car (data) got stolen and oh, by the way, now my house ( the bank ) got robbed? In my opinion, We were both at fault there. I stupidly gave you my entire keyring and you lost it/got mugged/whatever. I do understand what you are saying. I agree that personal identifying information needs to be encrypted and secured. SSL (or TSL or whatever the hell you want to call it now) is an extra layer. Does SSL belong on a simple forum? Not sure. Does it belong on a site that is doing any kind of transactions? Certainly. I think adding a robust privacy policies and terms of agreements are a good thing as well. Ensuring the end user that the data is encrypted and laying down exactly what you're responsible for. It's one thing for data to be compromised on your website, something entirely different when the end user didn't secure themselves by using the same username/password and now their bank got cleaned out. Maybe we all take information for granted for how freely its flowing out there? I may have to rethink all this... I have no idea anymore. I argued myself into a circle. ;) On Jan 24, 2008 3:57 PM, Dawson, Michael <[EMAIL PROTECTED]> wrote: > You are missing my point. I'm not saying a person is not responsible for > their own credentials, however, you know how the media is. > > My original point was that it is too inexpensive NOT to secure the > information. Especially, to protect dummy people from themselves. I > care about the other guy even if the other guy gots not smarts. > > M!ke ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297359 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4