RE: Application Security...
- Subject: RE: Application Security...
- From: "Salter, Adam Q" <email@hidden>
- Date: Thu, 20 Feb 2003 17:01:25 +1100
> > I think that the point is, you can only trust any given security model
> > so far. If you're talking server security, you may have kerberized
> > passwords, ssh-only logins, etc. But if anyone can walk into your
> > server room and flip off the power switch/steal the hard
> > drive/whatever, well, kerberos isn't going to stop that.
>
> Absolutely. My point was that I'd feel better if the server room's door
> was actually locked.
>
> Again, I think it's easy to sniff on text fields and I'd be relieved to

Although I might not have conveyed it well, people seem to have addressed my
concerns. Basically Cocoa is transparent by design. Objects are
interchangeable at all levels and loosely interconnected to allow for
dynamic changes in the environment... But this essentially means that if
you/I want to design a "secure" application I have to only store non-vital
information... If at any point a password is contained in my application
unencrypted then it is "visible" to others... by design.
With the server example it's like living in a glass house... you put the
server in the basement and you have a key (and where do you hide the key?),
but everything else you do is visible by your neighbours... you have to be
very aware of what is "private" and what is "public" knowledge, ... Don't
want to be hanging your dirty laundry in public (there's an Oscar Wilde
quote that escapes me here ;).
Of course all other models have security concerns as well... and visibility
concerns... but we all love Cocoa because it is sooo easy to see what is
going on - no assembly, memory registers, messy pointer passing functions,
etc (although you can have that if you need/want). I just felt that it would
be terribly easy to watch exactly what is going on in my application and
that is a concept I have to get used to.
Security comes down to good planning and a knowledge of the risks... Well I
now have a better idea of the risks and can plan accordingly...
Is there a code scrambler for Cocoa? This would create a level of security I
suppose (I'm not really worried ATM to be honest - just talking
theoretically).
I guess it is a similar situation to Web design where all the HTML/JS code
is downloaded and visible to the client...
Thanks all,
Adam
PS The other problem is IP, if people can see inside your app then they can
reverse engineer a similar solution - again something I have to get used
to...
_______________________________________________
cocoa-dev mailing list | email@hidden