Re: Re: Is it Secure?

by mrbbking (Hermit)
on Apr 10, 2002 at 20:23 UTC


in reply to Re: Is it Secure?
in thread Is it Secure?

I could completely wipe out a system that I'm "in charge of," else I'm not really in charge of it, am I? If you look at *users* of a system you're in charge of, I think you have a good point.

Or am I missing your point entirely?

Update: 2002-04-10 20:23 EDT - Somehow I always think of backups as distinct from security, though I know backups are part of security. Thanks for the reminder, ignatz.

s!!password!;y?sordid?binger?; y.paw.mrk.;;print chr 0x5b ;;; print;print chr(0x5b+0x2);;;;;

Replies are listed 'Best First'.
Re: Re: Re: Is it Secure?
by ignatz (Vicar) on Apr 11, 2002 at 00:17 UTC
    If you can wipe out a system and there is no way for someone to recover that system after you are fired then you are a single point of failure and it's not a secure system. My point really stems from the fact that most theft and damage is internal, not external.

    At one company where I was the lead developer I made it a point to not have root on any shared server. None of the programmers had root to production or central web servers. We each had our own server that we built and used CVS to manage the code. There was no single point of failure. I could decide to go postal at any time and the system was never at risk.

    Lucky for them I did, because after they fired us all, escorting us with armed guards from the building with one hour's notice, the site wasn't at risk despite our anger at the way we were treated. It ran safely for many months until they went bankrupt.

    Update after a few hours of sleep: Having all of the developers work in their own environment came not out of distrust, but from a desire to get beyond the BS that I've seen happen over and over in a centralized free-for-all environment: A stupid angry developer who decides to log in as someone else to try to make them look stupid. Product Managers who decide that they don't like the pace of things and decide to go in and change other people's work without telling anyone. It's a lot of fun to tell people who ask for a root password "I don't have root and I built that damn thing, why the hell do you need it."

    I think that it's interesting when building something to play the game of imagining an opponent trying to break into my application who knows everything that I know. If I wanted to f___ with a web application what would I do, and how would I defend against myself, being that I'm the person most likely to be able to do the most damage.

    ()-()
     \"/
      `                                                   ` 
    
