Re: Application Security...


  • Subject: Re: Application Security...
  • From: Joshua S Emmons <email@hidden>
  • Date: Wed, 19 Feb 2003 13:49:23 -0500

Well, first off, having a similar problem elsewhere doesn't really make it less of a concern for me on my platform.

I think that the point is, you can only trust any given security model so far. If you're talking server security, you may have kerberized passwords, ssh-only logins, etc. But if anyone can walk into your server room and flip off the power switch/steal the hard drive/whatever, well, Kerberos isn't going to stop that.

You may try to encase your server in a solid block of iron to prevent an attacker from messing with the hardware. But, unfortunately, there are legitimate reasons to have access to server boxes -- like upgrades and repairs.

So, you put the server in a room, you lock the door to the room, and you hope that nobody is stupid enough to forget to lock the door when they leave.

Well, it's the same with applications (on ANY platform). There are legitimate reasons to watch user input (to respond to it!) or to delete files, so you have to allow these things. You just have to hope that a user isn't stupid enough to run a program they don't have reason to trust.

This is not to say that you shouldn't put whatever safeguards on the process that you can. If you can buy a door for the server room that locks automatically and is particularly difficult to pick, you should. In the same way, there's no (legitimate) reason to go around deleting system files, and doing so would have catastrophic effects on your OS, so they are given special permission. Can a program still delete these files? Yes, but not without asking the user to take special steps (in Cocoa, at least, applications cannot be SUID). You have to trust that the user will not take such steps blindly.

Applications must trust users. So when it comes down to it, the limitation of application security is user intelligence (or stupidity). If a user is easily manipulated, misinformed, fooled, or is just an idiot, then it is easy to write programs for said user to run that will sniff passwords or trash his/her system.

But applications HAVE NO CHOICE but to trust the user, regardless of his/her education. I don't know the exact definition of "application" but I'm sure somewhere in there it talks about "interactively performing some service for a user". As long as programs are driven by (human) input, they will have to trust humans. As long as programs are trusting humans, they cannot be inherently secure.