 
PerlMonks  

Re: •Web Security

by digiryde (Pilgrim)
on Jun 23, 2002 at 22:05 UTC (#176635)


in reply to Web Security

Several places I have worked for scoffed at security, or any other need not immediately visible to management. Many times I have written a requirements document for code, based on the requirements document I was given, that included performance and security elements that would have added between 2 and ten percent to the project and saved on the need for several servers (admin time and server cost) or would have closed up several security holes (priceless?), only to have the issues scratched from the immediate to-do list and added to the post-installation list. In most cases the performance items were driven back to us within a week of install (black eye), by which time we had those issues dealt with and were ready for more testing for a fast install.

We could have waited a week and installed without issue (smaller black eye), but our immediate management wanted to impress upper management by holding to their insane development time frames. We were almost never asked to do anything security related once the product was in.

The rule I have learned is if they cannot see it, they do not care. Typical clueless mindset. We don't need a fire system until we have a fire. Then it's too late.


Re: Re: •Web Security
by rattusillegitimus (Friar) on Jun 24, 2002 at 14:26 UTC

    I've been in that awful position more than once, too. The worst of it for me was knowing that I personally didn't at the time understand enough about Perl and web security to write code I was tasked with in a reasonably safe manner, but not being given the time needed to research and learn or some assistance in finding and closing glaring security holes when I would loudly and clearly proclaim my own ignorance in the area to the bosses.

    We were lucky. So far as I know, none of my security ignorance was exploited in the time between putting potentially dangerous code into production and getting one of my co-workers to sneak a break from his own insane time-frame to double check me.

    Now that Perl has become more avocation than vocation for me, I've taken the time to close many of those gaps in my knowledge. ;)

    -rattus
