Lists Home |
Date Index |
>Can we 'do the simplest thing that will possibly work'
>and still produce a secure system.
Sure; viz Unix.
>>Unlike usability, considering *trust* issues as you set out to design
>>will usually preclude the simplest thing from being done.
> Ok. Not being a security expert, I can agree with that, but again,
> if the code base is secured, then innovation can proceed simply by
> using that code base.
Don't conflate "no security bugs" with "trust issues."
I'm not so sure I agree with Chris.
For example, if Windows was designed with multipler users and networking
in mind, then from the beginning it would have seen the need to
associate some kind of identity and content-integrity with macro
packages, etc. Instead, automation and COM (their mechanism for
scripting applications together), was built to just blindly believe --
and, more dangerously -- have the clients that were tied to it blindly
believe -- what came in. I think it would be much simpler if IE didn't
try to guess content-type, but accepted what the MIME headers said, and
did sanity-checking against it; that would have knocked many worms/virii
right out of the starting gate, and seems simpler.
It's when you need/want to retrofit security into a no-security "rich
user experience" system that you, your users, and at times the entire
Internet, are hosed.
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html