Difference between revisions of "Talk:OWASP Application Security FAQ"

From OWASP
Jump to: navigation, search
(added md5 hashing discussion)
(Cache info is wrong: new section)
 
Line 12: Line 12:
  
 
The FAQ talks about hashing passwords with MD5. I believe bcrypt is the current accepted standard.  ''[[User:Ryan Dewhurst|Ryan Dewhurst]] 22:02, 22 March 2013 (GMT)''
 
The FAQ talks about hashing passwords with MD5. I believe bcrypt is the current accepted standard.  ''[[User:Ryan Dewhurst|Ryan Dewhurst]] 22:02, 22 March 2013 (GMT)''
 +
 +
== Cache info is wrong ==
 +
 +
"If a webpage is delivered using SSL, no content can be cached."
 +
 +
That's just totally wrong. I use Firefox to diagnose caching issues with SSL content all the time. [[User:Rick.mitchell|Rick.mitchell]] 15:08, 28 May 2013 (UTC)

Latest revision as of 10:08, 28 May 2013

I feel that this page/article should be renamed to "OWASP Application Security FAQ". The complete form is usually preferred in Wikipedia articles and it does make the page title more readable and probably more search engine friendly. --Varunvnair 23:19, 2 July 2006 (EDT)

Contents

Need for more questions and answers

I think more questions and answers should be included into the OWASP Application Security FAQ. This requires contribution from other readers. If an answer needs clarification, please mention it in 'Discussion'.

SSL Could Use a Refresh

The "SSL" sections here are getting pretty dated. For example, there's no mention of "AES" or "SHA1" and the only mentioned symmetric key bit lengths are 40 and 128. Jlampe 09:35, 23 February 2009 (EST)

MD5 Password Hashing

The FAQ talks about hashing passwords with MD5. I believe bcrypt is the current accepted standard. Ryan Dewhurst 22:02, 22 March 2013 (GMT)

Cache info is wrong

"If a webpage is delivered using SSL, no content can be cached."

That's just totally wrong. I use Firefox to diagnose caching issues with SSL content all the time. Rick.mitchell 15:08, 28 May 2013 (UTC)