Posted by Gary L. Burnore on 10/21/07 21:07
On Sun, 21 Oct 2007 22:55:01 +0200, Michael Fesser <netizen@gmx.de>
wrote:
>.oO(Jerry Stuckle)
>
>>Gary L. Burnore wrote:
>>>
>>> Security is about many things of which prevention is one.
>>
>>No responsible person in the security field will ever claim that.
>>
>>There is no such thing as "prevention". That would indicate that
>>something can't happen, which is impossible to do.
>
>If a file is stored outside the document root, it can't be accessed by a
>URL. That's prevention.
>
>If you allow the user to submit a value out of [1, 2, 3] to a form
>processing script and check it against the set of allowed values, they
>can't inject a 4. That's prevention.
Right. A good form of security. Not the only one, but one.
>
>>For instance, banks have been trying to prevent robberies for hundreds
>>of years. Nowadays they have CCTV, armed guards, vaults, silent
>>alarms... the list goes on. But they still get robbed. Because there
>>is no "prevention".
>
>There are things that _can_ be prevented and there are things where you
>can just lower the probability of it to happen.
>
Exactly.
--
gburnore at DataBasix dot Com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore
Official .sig, Accept no substitutes.
Black Helicopter Repair Services, Ltd. | Official Proof of Purchase
===========================================================================