I totally agree with you when you say that we must be security aware.

However, in real life you just CAN'T always set up the adequate security level.

I mean security is almost always a tradeoff for ease of use...

Of course you can recompile your kernel adding various security patches, audit your sources, log everything on your box,
change your password to a random one every week (and remember it), disable all unused ports,
set up a tcpwrapper AND a firewall, use secure protocols (ssh, IMAP(?)) and forbid the insecure ones (telnet, ftp...),
you can spend 2 hours a day browsing for security holes on vulnerability lists and patching all your proggies to new versions...

But will it be necessary for a single-user box, with no sensitive data and connected a few hours a day to the net?
Even if some of you scream 'YES' the answer is 'no' (mainly because of the hours lost in the patching/upgrading work ;-)

Security must be adapted to the level of security you NEED.

Enhance the security where it's necessary (or at least where it's the most efficient).

Don't get me wrong! In a perfect world (where I would get paid to do it full time with skillful users accepting the drawbacks)
the 'everything should be secure' policy would be fine.
Sadly, my boss thinks my job is to code as much as I can, and allows me almost no time to administer 5 servers and several workstations.
My users say SCP is too complex and that they WANT to use their (unsecure) AceFTP client.
So in this world I have to carefully use the little time I have to enhance the security with a maximum efficiency (with the little time/resource I have).

So IMHO, even if you must always be security aware, there are some things that you can't afford to do.

It reminds me of the (Merlyn?) 10/10 rule about 'use strict', stating that any script with more than 10 lines
or running more than 10 times should be using use strict.
We should always use the strict pragmata, but we can't afford it for simple cases...

Have you ever wondered why there are so few B1-compliant computers?
It's only because REAL security makes the use of a computer REALLY horrible.

So even if it's not so clear, here is my message:

Be security aware, especially because you CAN'T reach true security, and try to make things as secure AND easy AS YOU CAN.

"Trying to be a SMART lamer" (thanx to Merlyn ;-)

In reply to Re: Stay aware of security by arhuman
in thread Stay aware of security by tilly
