Nothing is 100% secure. People who sell security are just like people selling a dead donkey. Even a multi-million-dollar item equipped with strong security can easily be broken with a common tool.
Hmm.. I'm sleepy. Okay people, some other time. (To be continued if time permits and I'm not that lazy.)
To sum it up, to build a good secure system:
1. Build a good secure social system first, introduce security to the humans.
2. Build a good base code, black boxing each part of the system.
3. Stack up your code and consider the domain problem. A domain problem is when there is nothing wrong with the modules themselves, but as they integrate, they create holes.
4. Familiarize people with good security practice and make sure they do the damn thing right!
Uhm, just like when you implement a password for entering a secure area, it is important to keep the person who uses the feature from using any common, easy-to-guess phrase. No matter how sophisticated your application is, people will just guess the password.
To make it worse, there is the bad practice where people share passwords with each other. The login confidentiality that was used to address non-repudiation is no longer effective. Another threat is when a person writes their password down somewhere, which lets other people physically acquire the password.
That's just a little example. Time to go to sleep. Bye....