PerlMonks  

Re: Is it Secure?

by ignatz (Vicar)
on Apr 10, 2002 at 16:11 UTC


in reply to Is it Secure?

I think that you fall into a real trap when you take an us/them approach to security. Security starts at home. Take a system that you are in charge of. Ask yourself how much damage you could do to it if you wanted to. Rate its security by your answer.
()-()
 \"/
  `                                                   ` 

Replies are listed 'Best First'.
Re: Re: Is it Secure?
by mrbbking (Hermit) on Apr 10, 2002 at 20:23 UTC
    I could completely wipe out a system that I'm "in charge of," else I'm not really in charge of it, am I? If you look at *users* of a system you're in charge of, I think you have a good point.

    Or am I missing your point entirely?

    Update: 2002-04-10 20:23 EDT - Somehow I always think of backups as distinct from security, though I know backups are part of security. Thanks for the reminder, ignatz.

    s!!password!;y?sordid?binger?; y.paw.mrk.;;print chr 0x5b ;;; print;print chr(0x5b+0x2);;;;;
      If you can wipe out a system and there is no way for someone to recover that system after you are fired then you are a single point of failure and it's not a secure system. My point really stems from the fact that most theft and damage is internal, not external.

      At one company where I was the lead developer I made it a point to not have root on any shared server. None of the programmers had root to production or central web servers. We each had our own server that we built and used CVS to manage the code. There was no single point of failure. I could decide to go postal at any time and the system was never at risk.

      Lucky for them I did, because after they fired us all, escorting us with armed guards from the building with one hour's notice, the site wasn't at risk despite our anger at the way we were treated. It ran safely for many months until they went bankrupt.

      Update after a few hours of sleep: Having all of the developers work in their own environment came not out of distrust, but from a desire to get beyond the BS that I've seen happen over and over in a centralized free for all environment: A stupid angry developer who decides to log in as someone else to try to make them look stupid. Product Managers who decide that they don't like the pace of things and decide to go in and change other people's work without telling anyone. It's a lot of fun to tell people who ask for a root password "I don't have root and I built that damn thing, why the hell do you need it."

      I think that it's interesting when building something to play the game of imagining an opponent trying to break into my application who knows everything that I know. If I wanted to f___ with a web application what would I do, and how would I defend against myself, being that I'm the person most likely to be able to do the most damage.

      ()-()
       \"/
        `                                                   ` 
      
