Comments on Web Insecurity: No Website Left Behind: Are We Making Web Security Only For The Elite? (blog by Terri Oda)

Marcos Ricardo, 2010-05-23 19:32 (-04:00):

Inspiring Presentation.

I've never seen one like that before.

Congrats.

Resuna, 2010-05-24 07:10 (-04:00):

If you're not a programmer, you shouldn't be exposing your code to hostile users. If you want to customize your website beyond playing with the layout and static content, hire someone to do it. Computer programs are the most complicated "devices" created to date, and cut-and-paste doesn't change that.

Really separating design and code, to the point where the designer can't inject code deliberately (let alone accidentally), is about the only approach that I can see having a chance of really working. That's what wikis and web forums do, using a markup language that's deliberately secure and gets converted to a subset of HTML. Yes, it means you can't install the web equivalent of a turbocharger without hiring a programmer... but then, most people wouldn't try to install a turbocharger without hiring a mechanic: and that's in many ways a much simpler job.

Terri Oda, 2010-05-25 17:25 (-04:00):

"Shouldn't" and "aren't" are very different things!

The point of this presentation was to remind folk that whether they *should* or not, our current setups *do* allow non-technical page creators to impact security. Separation is a powerful tool, but it's quite weak if there's programmer error on the supposedly secure system side, so it's not really enough by itself.