StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
3451820
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2010-08-10T17:43:31.520
FavoriteCount
0
LastActivityDate
2010-08-10T17:48:59.290
LastEditDate
2010-08-10T17:48:59.290
LastEditorUserId
91671
OwnerUserId
91671
ParentId
3451704
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
There's no easy answer to a broad question like this. There are many different kinds of threats that your application could encounter - what one generally needs to do called <a href="http://msdn.microsoft.com/en-us/library/ff648006.aspx" rel="nofollow noreferrer">threat modeling</a>, consisting of: <ul> <li>identifying vulnerabilities</li> <li>identifying attack vectors</li> <li>identifying possible countermeasures</li> </ul> Before you can make decisions about whether to use SSL, HTTPS, encryption or any other technology, you need to understand what threats each mitigates and how they can be compromised. While there are best practices for security, you can't just follow a recipe to secure a system. While, in general, you mention some reasonable countermeasures for securing an application (password hashing, HTTPS) the devil is in the details. You sometimes have to consider scenarios like: <ul> <li>replay attacks (where message traffic is recorded and replayed)</li> <li>denial of service attacks (where your server is bombarded with malformed or invalid messages in an attempt to overload it)</li> <li>man-in-the-middle (attacks in which the attacker intercepts or alters messages in route)</li> </ul> There are many other attack vectors (and possible countermeasures) to consider. How much effort you expend depends on the importance of the resource being protected, the consequences if it's compromised, and your level of skill and understanding of the security environment you will operate in. Microsoft has published something called the <a href="http://www.microsoft.com/security/sdl/resources/faq.aspx" rel="nofollow noreferrer">Security Development Lifecycle (SDL)</a>, which you may want to look into. There's also an entire <a href="http://msdn.microsoft.com/en-us/library/ff648032.aspx" rel="nofollow noreferrer">Security Engineering</a> section on MSDN that has lots of background and guidance on this topic.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POBest practice for securing username/password between clients and server
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USLBushkin
UserOwnerUserId
1. USLBushkin
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COThanks for your reply - lots of food for thought here. I'll try to do my own take on the threat modelling and see where it gets me. :)
 singulars
 PostPostId
 PO
 UserUserId
 USRune Jacobsen

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.