7 Matching Annotations
  1. Mar 2024
    1. Likewise, we “trusted the process,” but the process didn’t save Toy Story 2 either. “Trust the Process” had morphed into “Assume that the Process Will Fix Things for Us.” It gave us solace, which we felt we needed. But it also coaxed us into letting down our guard and, in the end, made us passive. Even worse, it made us sloppy.
  2. Nov 2021
    1. When the embedded document has the same origin as the embedding page, it is strongly discouraged to use both allow-scripts and allow-same-origin, as that lets the embedded document remove the sandbox attribute — making it no more secure than not using the sandbox attribute at all.
  3. May 2020
    1. Allowing port 80 doesn’t introduce a larger attack surface on your server, because requests on port 80 are generally served by the same software that runs on port 443.
  4. Apr 2020
    1. If you force people to frequently change their passwords, they will use bad passwords.
    2. Stop forcing users to change their passwords every 30, 60, or 90 days, and stop forcing users to include a mixture of uppercase, lowercase, and special characters. Forcing users to change their passwords should only happen if there is reason to believe an organization has been breached, or if a new third-party data breach affects employees or users.
  5. Dec 2019
    1. Now using sudo to work around the root account is not only pointless, it's also dangerous: at first glance rsyncuser looks like an ordinary unprivileged account. But as I've already explained, it would be very easy for an attacker to gain full root access if he had already gained rsyncuser access. So essentially, you now have an additional root account that doesn't look like a root account at all, which is not a good thing.
  6. Nov 2019
    1. You probably referred to the positive case where no one overrides anything and so the property returns true, so there is no need to process further because it is really an automation. Yes, this is true. I just hope that it does not make websites skip the checks if this returns false.