Tangible Bytes

A Web Developer’s Blog

Names vs Security

Since LastPass’ most recent security issues (do use a password manager, but not LastPass), I’ve seen a lot of people online changing all their passwords and realising how bad the experience is.

For those of us with names which can be spelled in the limited ASCII alphabet, the pain point is the password part, where the rules can be annoying but in the end we can work around them.

Today I saw a post, “Hello my name is St�phanie”, which highlights how there is a bigger problem for many people.

It all got me thinking: why do we (developers) do this?


Laravel Database Privileges

Laravel has some really good features for setting database connections, but oddly these aren’t spelled out in the documentation.

Databases (especially in Docker containers) often come by default with a single, powerful user account.

As a result, all too often people run Laravel without considering the principle of least privilege.

By following a few simple steps we can enhance security.
