I think that security aspects need to be discussed hand-in-hand with browser
requirements. The more secure you want your app to be, the more you
can/should rely on browser features like file cookies and session cookies
(yummy cookies). But if you want this "drop-dead easy open-source security
module" to work with 90% of existing FB apps, you cannot rely on those
features. But without those features, your security model isn't as strong as
it could be. Catch-22. You should clearly outline the purpose and
implementations of this security model, how it's not the best for online
banking sites, but is fine for ecommerce (maybe?).
Just thinking and dropping change...
-----Original Message-----
From: Eric Buckley [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 9:39 AM
To: [EMAIL PROTECTED]
Subject: RE: <CF_SECURE>
Sounds great. I'm dealing with these issues currently.
-----Original Message-----
From: Steve Nelson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 12:35 PM
To: Fusebox
Subject: <CF_SECURE>
Minor topic change... let's get off the porn and flaming issues and talk
about security in general. It's an important topic that needs
discussing.
I'm writing all the ideas that everyone has been giving me down, and
will publish them when I'm done. Here are the four main areas that I
see necessary to secure...
1. Securing every Fuseaction in one circuit applications
2. Securing every Fuseaction in multiple circuit applications
3. Securing some Fuseactions in a circuit application, but not all
4. Securing certain areas of a single Fuseaction
Does that sound about right to everyone? Am I missing anything? I want
to try and create a drop-dead easy open-source security module that will
work in 90% of all Fusebox applications.
The best way I have found to make something work cross application is to
focus on the concepts, not the implementations. So if you've got
concepts about how to secure a Fusebox app let's hear them.
Steve
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.