"Reaction [beta]"

The myth of the secure web application
1 Oct 2007

Simon Willison's post on "Designing for a security breach" got us thinking this morning. A perfectly secure web application is just an illusion since most users' entire online identities are attached to a single webmail account. This, as Willison points out, means that if you can steal my mail account, you can use "forgot password" requests to steal everything else. Scary.

The solution, however, isn't to employ a series of draconian security measures; it's to employ reasonable security measures and to plan for the inevitable breaches, which is the approach the OpenID team appears to have adopted.
