[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: No more Bugzilla for me



On Tue, 2009-04-21 at 22:12 -0700, Jesse Keating wrote:
> On Wed, 2009-04-22 at 14:31 +1000, Rodd Clarkson wrote:
> > Ah, I'm a little confused.
> > 
> > All that was requested was a change of password.  This doesn't stop Joe
> > Public from signing up and accessing bugzilla, and presumably doesn't
> > stop Joe from viewing leaky NDA's.
> > 
> > All it seems to do is make me have to change a password.
> > 
> > Surely if there are leaks using the old password, then there's still
> > leaks with my new password (which is actually my old password since I
> > went back in and changed it back).
> 
> There is a theory that changing passwords on a regular bases lessens the
> risk of somebody's password being stolen and used nefariously.
> Depending on the account compromised the damage increases from nuisance
> to legally damaging.  

What is the lifetime of bugzilla login cookies? 

-- 
David Woodhouse                            Open Source Technology Centre
David Woodhouse intel com                              Intel Corporation


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]