Is security on your list of 'things to do'?

[Project-Shadow]

A business thread [shock horror]

When you create a new site [paysite] what do you put on your list of things to do?

Content, Promotion, how will it affect your current sites etc.

How many of you honestly put security up there with making money off your sites?

Just to proove a point, post your site and odds are at least 1 working pass will be floating around on google.

Try me.

[Platinumpimp]

this should be good

[Downtime]

bump

[TweetyBird]

Quote:

Originally posted by Project-Shadow

Try me.

lol

[psili]

We use session based authentication and I'm not saying our site and content is 100% secure, I do get users who write in asking for their passwords to be changed because they were dumb enough to share them and can't login because their buddies are using up their available sessions.

Even if a user is fucking around with a query string, I try and limit the script errors from bad data coming in via POST or GET, if not only to feel safer, but also to keep from looking stupid when someone can see you have a "parse error on line 20 of ....".

Granted, 100% of problems aren't caught either, but it's always in the back of the head to prevent / limit.

[Platinumpimp]

nobody got the balls to post their site?

[Project-Shadow]

Quote:

Originally posted by psili
We use session based authentication and I'm not saying our site and content is 100% secure, I do get users who write in asking for their passwords to be changed because they were dumb enough to share them and can't login because their buddies are using up their available sessions.

So you don't feel that this is grounds for termination of an account? If its a member that rebills, then sure maybe you could cut some slack, but someone who signs up then shares their pass.. i'd terminate, praying they don't chargeback

[psili]

Quote:

Originally posted by PlatinumPimp
nobody got the balls to post their site?

http://www.ten.com/

[European Lee]

http://www.dilf.com

Regards,

Lee

[psili]

Quote:

Originally posted by Project-Shadow
So you don't feel that this is grounds for termination of an account? If its a member that rebills, then sure maybe you could cut some slack, but someone who signs up then shares their pass.. i'd terminate, praying they don't chargeback

I've never had a user ask twice to change their account password. They feel stupid enough because they can't jerk off. But yea, I guess we could be more "strict" in enforcement.

[KRosh]

Quote:

Originally posted by Project-Shadow
A business thread [shock horror]

When you create a new site [paysite] what do you put on your list of things to do?

Content, Promotion, how will it affect your current sites etc.

How many of you honestly put security up there with making money off your sites?

Just to proove a point, post your site and odds are at least 1 working pass will be floating around on google.

Try me.

www.nuttedon.com

[psili]

Quote:

Originally posted by psili
http://www.ten.com/

Yo, I'm out for the night. If anyone can hack the site please be kind and wait to do it tomorrow morning so I don't get a page at 2am

otherwise, good topic.

[Project-Shadow]

Psili, before you dash, I'd like to say that I have found a list, which was posted yesterday, but none of the passes work. So you've got something working there.

[raymor]

Quote:

psili
http://www.ten.com/

My spider found some passwords for ten.com a while back.
I think about security everyday, but then that's because
I'm in the business of securing your sites.