My thoughts as an enterprise Java developer.

Thursday, April 12, 2012

Code can't be stolen under federal law, court rules | Security & Privacy - CNET News

Code can't be stolen under federal law, court rules | Security & Privacy - CNET News: "The enormous profits the system yielded for Goldman depended on no one else having it," Jacobs ruled. "Because [the high-frequency trading system] was not designed to enter or pass in commerce, or to make something that does, Aleynikov's theft of source code relating to that system was not an offense under the EEA."

Wednesday, April 04, 2012

Is it more secure to allow the browser to save a website password or prohibit it?

Is it more secure to allow the browser to save a website password or prohibit the browser from saving the password?

Benefits of allow the browser to save the password:
  1. Spoof websites are more easily detected because the username and password don't show up (this may be a mute point if the username is saved but not the password).
  2. Keyloggers won't pick up the password if you don't type it. (Thanks to Thrawn)
  3. People will be less likely to keep the password in an obvious place (i.e. sticky note)
Benefits of prohibiting the browser from saving the password:
  1. Stops someone with access to your computer from accessing the passwords (the level of access needed can vary based on how the passwords are stored).