PerlMonks  

Re: Re: Use placeholders. For SECURITY!

by tilly (Archbishop)
on Nov 14, 2003 at 16:00 UTC (#307077)


in reply to Re: Use placeholders. For SECURITY!
in thread Use placeholders. For SECURITY!

My point was that you characterized the act of stealing them as waiting for a good exploit to come along and then finding a poorly secured box that you can target. Which says that for most developers, worrying about it is Someone Else's Problem. It also comforts a lot of people that they are OK because they have a firewall in place.

I think that developers should be far more paranoid than that.

Also while I agree that people have a lot of obvious problems which cause more failures than whether or not to use encryption, that is not a good reason to avoid using encryption. Sure, one step in the chain being done right or wrong doesn't usually make that much of a difference. But if people at each step assume that all of the others are wrong, then you don't really have much of a chain at all. Start getting things right where you can control them (your piece) and work from there. SSL doesn't solve your basic problems, but it is an easy thing to do that does solve some that come up.


Re: Re: Re: Use placeholders. For SECURITY!
by hardburn (Abbot) on Nov 14, 2003 at 16:12 UTC

        My point was that you characterized the act of stealing them as waiting for a good exploit to come along and then finding a poorly secured box that you can target. Which says that for most developers, worrying about it is Someone Else's Problem. It also comforts a lot of people that they are OK because they have a firewall in place.

    Ahh, I see what you're saying now. Certainly, just because you have a firewall in front of your database doesn't make you secure. I pointed it out only because an awful lot of places don't have a firewall in place, and often store cleartext CC nums, and there is nothing SSL or anything else client-side can do to change that fact.

        SSL doesn't solve your basic problems, but it is an easy thing to do that does solve some that come up.

    Agreed. SSL is out there, it works, and it's reasonably easy to set up. I only wanted to point out that well-meaning people have taught Aunt Nellie that if that little padlock shows up at the bottom of the browser, her CC num is secure, when it often isn't. As long as the Internet community already went to all the trouble to get SSL working, we might as well use it. However, it's by far not the weakest link in the chain.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated
