Stupid Developer Tricks, Part I.
Ha! You thought I was only going after users? Think again.
Here are some of the things I hate to hear from developers:
1. We’ll fix that in the next release cycle.
No, you’ll fix it now. It’s a security flaw. You don’t get a pass on security flaws just because your app hasn’t actually broken in a way that makes management sit up and take notice.
(Have you ever, EVER heard of a developer being fired for writing insecure code or not fixing a hole quickly enough? Neither have I, more’s the pity.)
I don’t care if this makes you blow your deployment deadline. I don’t care if it delays the start of your next project writing MORE buggy code. There are only two good reasons why you may be allowed to keep to your deadline: if we’re going to be breaking the law by missing it, or if the organization will lose serious money by missing it. Interestingly enough, this almost never happens.
2. We don’t need encryption, because this is inside the internal network/it doesn’t carry confidential data/other lame reason.
Bzzt! Wrong. Unless you have a very good, compelling business or technical reason why you can’t implement encryption, you will do it by default. Always assume that there are bad guys inside the perimeter (because that’s where they LIKE to be), and remember that anything that will give them an extra toehold into our systems is a BAD THING.
3. The user interface will enforce access control.
BWAHAHAHAHAHA ... snort ... giggle ... >>THWACK!!<< Go home and read up on people who do not NEED user interfaces to talk to back-end servers. Next?
4. This wasn’t ever considered a problem before ... why do we have to fix it now?
Um, because now you have someone in your organization who (a) knows about security and (b) is paying attention?
5. The users won’t be able to handle that.
Well, you’ll just have to train them, then. Just because you have stupid users doesn’t mean a really smart, UNAUTHORIZED one won’t come along.
6. The users won’t be able to handle that.
You mean YOU can’t figure out how to implement it. Not my problem.
7. It’s okay, because they won’t be able to see that part.
Go to the chalkboard and write fifty times, “SECURITY THROUGH OBSCURITY DOES NOT WORK.”
8. Please, please can I use AJAX? It’s really cool.
No.
(Stopping here because I feel no need to make this a Top Ten list.)
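Items 3 and 7 in working form, as an added example that is not part of the original post: a client that skips the front end still reaches the back end, so a handler that trusts what the UI chose to show is the bug, and the fix is a deny-by-default authorization check in the handler itself (the users, roles, actions and report ids below are constructed for illustration).

```python
# Added example: hiding a button in the UI is not an access control.
# Roles, actions and users are constructed for illustration only.
from dataclasses import dataclass, field

# Constructed role model: which roles may perform which back-end actions.
PERMISSIONS = {
    "view_report": {"analyst", "admin"},
    "export_report": {"admin"},
    "delete_report": {"admin"},
}


@dataclass
class Session:
    user: str
    role: str


@dataclass
class AuditLog:
    # Denied requests are worth recording: a non-admin sending
    # delete_report is exactly the traffic a UI would never generate.
    denied: list = field(default_factory=list)


def ui_actions(session):
    """What the front end would render; a usability choice, not a control."""
    return sorted(a for a, roles in PERMISSIONS.items() if session.role in roles)


def handle_ui_trusting(session, action, report_id):
    """Item 3 as written: the server assumes the UI only ever sends allowed actions."""
    return f"{action} on {report_id} by {session.user}"


def handle_enforced(session, action, report_id, audit):
    """Server-side authorization: deny by default, regardless of what the UI showed."""
    allowed = PERMISSIONS.get(action, set())  # unknown action -> empty set -> denied
    if session.role not in allowed:
        audit.denied.append((session.user, session.role, action, report_id))
        raise PermissionError(f"{session.user} ({session.role}) may not {action}")
    return f"{action} on {report_id} by {session.user}"


def is_denied(session, action, report_id, audit):
    """True if the enforced handler refuses the request (used for checks)."""
    try:
        handle_enforced(session, action, report_id, audit)
    except PermissionError:
        return True
    return False
```

Run `is_denied(Session("alice", "analyst"), "delete_report", "r1", AuditLog())` to see the direct-to-back-end request refused and logged, while `handle_ui_trusting` with the same arguments happily performs the delete.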