On 11/17/05, Dinis Cruz <[EMAIL PROTECTED]> wrote:
isn't creating an environment where you don't need to know what's going on 'under the hood' a good thing? It reflects good class design and is what blackboxing and encapsulation is all about. Not only does this help simplify the api's but it also helps prevent your security problem. With well defined methods to limit the interaction one has with a 'secure object' it shouldn't matter how u use it, it should stay secure. - nabiy
-- From: "James Tucker" <[EMAIL PROTECTED]>
You are talking about user APIs, I am talking about what is happening under the hood.
Yes developer's APIs have been simplified, but that creates an environment where nobody really knows what is happening and how things work. A lot of security vulnerabilities occur when you glue together two secure objects in ways never predicted by the original developers...
isn't creating an environment where you don't need to know what's going on 'under the hood' a good thing? It reflects good class design and is what blackboxing and encapsulation is all about. Not only does this help simplify the api's but it also helps prevent your security problem. With well defined methods to limit the interaction one has with a 'secure object' it shouldn't matter how u use it, it should stay secure. - nabiy
http://nabiy.sdf1.org . http://sdf.lonestar.org
The Super Dimension Fortress Public Access Unix System
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
