Re: Re: Re: Use placeholders. For SECURITY!

by nevyn (Monk)
on Nov 14, 2003 at 11:46 UTC (#307026)

in reply to Re: Re: Use placeholders. For SECURITY!
in thread Use placeholders. For SECURITY!

On how critical the data that people work with is, I can't speak for most programmers. Speaking for myself, I have never had a programming job where I didn't wind up learning very sensitive things about people. My sense is that this is pretty typical. People stick information in a database, I have access to the database. People want to improve workflow, I get access to whatever data is in that workflow. People want financial reports run, I get to see the financial data.

I generally don't care about the data I have access to, but I get that access, and the fact that it is worth hiring me to work with the data means that someone thinks that it is worth a lot.

Well, there's also the threat. If you are writing something that sells CDs on the internet, then anyone can access it and anyone can/will attack it. A web front end for some mid-level managers though (passwd protected so only they can get to it) has a much lower chance of being attacked, so from that point of view, while it might be sensitive, screwing up and allowing XSS etc. isn't as bad as if it'd happened on etc.

For instance, I've worked at places (I managed to leave quickly though :) where people mostly used telnet and had numerous machines where people had root access ... and one place where everyone used one machine for shell access, and gave out the root password to it. Hell, one place I contracted at had single-letter root passwords everywhere and they dealt with medical information. And while that is completely insane, IMO, the employees, while having easy access to the gasoline and lighter, didn't burn the place down on a daily basis. Admittedly, if they were knowledgeable enough and wanted to, they wouldn't be seen ... but generally the people either weren't knowledgeable or didn't want to.

But maybe I'm being somewhat too optimistic about the entire race :).

James Antill