Difference between revisions of "Security"

From MgmtWiki
Jump to: navigation, search
(Problem)
(Problem)
Line 8: Line 8:
 
==Problem==
 
==Problem==
 
*Security is not a feature of the internet, it is an add-on. Even current activity, like [[OAuth 2.0]] and [[OpenID Connect]] are successful, not because they are secure, but because developers like the freedom they offer. For details on that see the page [[Bearer Tokens Considered Harmful]].
 
*Security is not a feature of the internet, it is an add-on. Even current activity, like [[OAuth 2.0]] and [[OpenID Connect]] are successful, not because they are secure, but because developers like the freedom they offer. For details on that see the page [[Bearer Tokens Considered Harmful]].
 +
* https://www.zdnet.com/article/study-shows-programmers-will-take-the-easy-way-out-and-not-implement-proper-password-security/ Study Shows Programmers Will Take the Easy Way Out and Not Implement Proper Password Security]."Researchers at the University of Bonn in Germany have found that developers tend to write code that stores user passwords in an unsafe manner, because that is easier than creating a more secure product. The researchers conducted an experiment involving 43 programmers hired via the Freelancer.com platform, and found that developers need to be explicitly told to write code that stores passwords in a safe, secure manner. The researchers asked the participants to use technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component of a website. Only 15 of the 43 developers chose to implement salting, a process through which the encrypted password stored inside an application's database is made harder to crack with the addition of a random data factor. In addition, 17 of the 43 developers copied their code from Internet sites, suggesting freelancers did not have the necessary skills to develop a secure system from scratch."
  
 
==Solutions==
 
==Solutions==

Revision as of 16:32, 8 May 2019

Full Title or Meme

For the purposes of Identity Management Security applies to authorizing access only to the legitimately identified user and protection of User Private Information.

Context

  • Security in computer science covers a broad range of topics, like Availability that are not addressed in this wiki.
  • While some security experts might feel that, in theory, Privacy is a part of security. In practice security and privacy are often at odds and need to be addressed as separate issues by separate sets of proponents.

Problem

  • Security is not a feature of the internet, it is an add-on. Even current activity, like OAuth 2.0 and OpenID Connect are successful, not because they are secure, but because developers like the freedom they offer. For details on that see the page Bearer Tokens Considered Harmful.
  • https://www.zdnet.com/article/study-shows-programmers-will-take-the-easy-way-out-and-not-implement-proper-password-security/ Study Shows Programmers Will Take the Easy Way Out and Not Implement Proper Password Security]."Researchers at the University of Bonn in Germany have found that developers tend to write code that stores user passwords in an unsafe manner, because that is easier than creating a more secure product. The researchers conducted an experiment involving 43 programmers hired via the Freelancer.com platform, and found that developers need to be explicitly told to write code that stores passwords in a safe, secure manner. The researchers asked the participants to use technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component of a website. Only 15 of the 43 developers chose to implement salting, a process through which the encrypted password stored inside an application's database is made harder to crack with the addition of a random data factor. In addition, 17 of the 43 developers copied their code from Internet sites, suggesting freelancers did not have the necessary skills to develop a secure system from scratch."

Solutions

References