|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Code Complexity vs. Security
From: Skip Carter (skip
taygeta.com)
Date: Mon Jul 26 2004 - 16:47:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> I would suggest that almost all programming errors (and
> hence security problems) come from some programmer attempting
> to be "smart" and reduce the size of his/her code.
Hmmm. While I agree that ill considered programming cleverness is one source
of
problems. But there seems to be an entire class of security issues that have
nothing
to do with bugs but with an insecure design. Consider an absolutely bug-free
program
that controls access to a database via a text file using ROT-13 encryption.
Skip
--
Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Scientific Inc. INTERNET: skiptaygeta.com
1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com
Monterey, CA. 93940
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.6.3 04/04/2003
iQEVAwUBQQV7+g55mXCLeJ33AQHWbwf+IlgDKzPvMVHSNqIUxO73YYilxtI7tMAy
1IO3FWOmoqV3JD2rhJRMXgAXah+dlSFOjodI0VuUwH8AFvq+BDDhDZGz6ulq9rTH
N4qms4VrCqQs4DDeoIjZngd4RMWEqY6kSz8eo7awa+IYjGQm5+tp2lRTidE8ILnP
XZTiozEXJontOCKZcMwtmPCnH7qFZ/yAGJ/ZBZkEE9/eaNaxv6wiX0ymhHsgaDiC
dhrUCk8aowjrMwkVRTmvJibu7+qoKwefgak4pH0X9OX4E51P/D6LQlL+c8O383Dj
Ko3xk5OK7zRxurcjFGUs8XX6Ik3jlHLGn/yHUkE/+6UAKyzWGhsPLw==
=Xt68
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]