Food for thought

Security is imperfect

Just like anything else, all security mechanisms are inherently flawed, the only thing that separates good security from bad security is the degree of work an attacker has to do in order to by-pass it. A security mechanism cannot be perfect, but it has to be at least good enough for the purpose.

Security is not some “self contained” entity

But a chain of mechanisms, governed by a set of practices, used (and abused) by an unpredictable number of unknown users (and abusers). Any secure system is just as secure as its weakest link. When that link fails, security is compromised.

Security has to be enforced

Users (and some webmasters, for that matter) often don’t care at all about the security of their online affairs, until it’s breached. People get annoyed when confronted with security checks and requirements. Online security compliance does not come natural and has to be enforced, not only for your users, but for your system, also.

Do not assume safety

You must never assume your system is safe just because this or that scenario is highly unlikely to happen. If it can happen, however low the odds, it will happen at some point. You can count on mankind’s general ill will for that. Be prepared with counter-measures, forget assumptions.

Be the first to rate this article:


Leave a Reply

Your email address will not be published. Required fields are marked *

Allowed HTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Subscribe to article comments   Subscribe to all comments