[erlang-questions] Erlang cookies are secure
zxq9
zxq9@REDACTED
Fri Jun 10 06:33:25 CEST 2016
On 2016年6月9日 木曜日 22:44:57 Louis Pilfold wrote:
> Hi!
>
> In the event that the cookie is your only security, what do you do
> when your cookie gets out?
>
> Event if you cookie is not guessable, there is still a chance that
> through malicious act or human error a trusted person within your
> organisation shares your cookie with others. I've not got the evidence
> to hand, but while preparing for security audits at a previous
> workplace our trainer told us that most security breaches are due to
> the actions of people within the organisation rather than outside of
> it. This seems very plausible to me.
People are almost always easier to manipulate or catch in error than
systems are to crack through exploitation of technical flaws.
How is this not exactly the same as a password? Or AWS credentials?
Or a secret key? Or any other of a host of similar schemes?
-Craig
More information about the erlang-questions
mailing list