OT: Capturing failed login attempts
Fairlight
fairlite at fairlite.com
Tue Sep 13 04:07:22 PDT 2005
Is it just me, or did Jay Ashworth say:
>
> Though, note that it's widely considered to be poor system
> adminstration practice to log usernames in the log on failures, because
> people get out of sync, and you end up with passwords in the log file.
That's considered poor -user- practise, and it's incumbent upon anyone
doing so (I've done it by mistake myself--it happens) to immediately change
their password when they get in.
The flip side of this is also that if you can't trust your admins to
know what your password is, who the hell can you trust? They have the
run of the system already. :) And on the odd chance we're talking about
holed systems, then you've already got far larger issues than whether or
not someone's scatterbrained attempt to log in was present in a file.
You either trust your admins to run a secure system, ethically--or you
shouldn't be using the system in the first place.
mark->
--
There is no "I" in TEAM.
This would be the primary reason I've chosen not to join one.
More information about the Filepro-list
mailing list