Suggest how you would go about validating a password protection system for an application that you have developed. Explain the function of any tools that you think may be useful.
What will be an ideal response?
Validating a password protection system involves:
1. Identifying possible threats. The principal threats are
a. Attacker gains access without a password
b. Attacker guesses a password of an authorised user
c. Attacker uses a password cracking tool to discover passwords of authorised users
d. Users make passwords available to attackers
e. Attacker gains access to an unencrypted password file
2. Developing tests that cover each of these threats
a. Test the system for all authorised users to check that they have set a password.
b. Test the system heuristically for commonly used passwords such as names of users, festivals, other proper names, strings such as '12345', etc.
c. Check that all user passwords are not words that are in a dictionary. A password cracking tool usually checks encrypted passwords against the same encryptions of words in a dictionary.
d. This is very hard to check. To stop users writing down passwords you need to allow words that are in the dictionary and are hence easy to remember.
e. Check that access to the password file is very limited. Check that all copy actions on the password file are logged.
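Tests 2a to 2c can be automated as an audit over the application's own credential store. The sketch below is an added example, not part of the original answer; the storage scheme (salted PBKDF2), the account records and both word lists are constructed assumptions to replace with the real system's values.

```python
import hashlib
import hmac

def stored_form(salt: str, password: str) -> str:
    """Assumed storage scheme: salted PBKDF2-HMAC-SHA256, hex encoded."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000).hex()

# Constructed test accounts: (user name, salt, stored value); "" means no password.
ACCOUNTS = [
    ("alice", "s1", stored_form("s1", "alice2024")),
    ("bob", "s2", ""),
    ("carol", "s3", stored_form("s3", "window")),
    ("dave", "s4", stored_form("s4", "12345")),
    ("erin", "s5", stored_form("s5", "vT9#qLm2!xRw")),
]
COMMON_STRINGS = ["12345", "christmas", "password"]  # constructed: strings, festivals
DICTIONARY = ["harvest", "window", "london"]         # constructed word list

def candidates(user):
    """Yield (test label, guess) pairs for one account."""
    for text in COMMON_STRINGS:
        yield "2b: commonly used string", text
    for suffix in ("", "1", "123", "2024"):
        for name in (user, user.capitalize()):
            yield "2b: based on user name", name + suffix
    for word in DICTIONARY:
        yield "2c: dictionary word", word

def audit(accounts):
    """Return {user: failed test}; the matching password is never recorded."""
    findings = {}
    for user, salt, stored in accounts:
        if not stored:
            findings[user] = "2a: no password set"
            continue
        for label, guess in candidates(user):
            # Same transformation as the stored value, compared in constant time.
            if hmac.compare_digest(stored_form(salt, guess), stored):
                findings[user] = label
                break
    return findings

if __name__ == "__main__":
    for user, problem in audit(ACCOUNTS).items():
        print(f"{user}: {problem}")
```

The report names only the account and the failed test, so the audit output does not itself become a list of passwords.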