Darren New wrote:
> Well, here's a question for you. Other than very generic advice like
> "don't use predictable secrets" and "don't execute code from untrusted
> users" (which really covers a lot more than you may think), what would
> you teach?
How about
Rule #1: You will NOT "add security later". It doesn't work that way.
If more people understood that, things would be *so* much better! Too
many people think "security" is just something you can buy in a box and
install as a separate item. It isn't.
Of similar significance,
Rule #2: People WILL try to circumvent security if it inconveniences
them too much.
After that we get into smaller details, such as
Rule #3: Any user-supplied data should be thoroughly checked before
use. [For reliability as much as security.]
Rule #4: Treat network data with suspicion unless you are absolutely
sure where it came from.
and so forth.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*