Gail Shaw wrote:
> frightening proportion of devs I work with don't know the first thing about
> how to write secure code

Well, here's a question for you. Other than very generic advice like
"don't use predictable secrets" and "don't execute code from untrusted
users" (which really covers a lot more than you may think), what would
you teach?

Most of the hacks I've seen are either script kiddie level, caused by
allowing your program to wander into undefined territory, social
engineering, or really top-notch kind of stuff like microwaving a smart
card and then timing how long it takes to authenticate to figure out
which bits are ones and zeros in the private key.

What sorts of stuff would you teach? Basic firewall and
SQL-injection-prevention stuff? Something more?

--
Darren New / San Diego, CA, USA (PST)
"That's pretty. Where's that?"
"It's the Age of Channelwood."
"We should go there on vacation some time."