On Mon, 13 May 2002, SHEETS,JASON (Non-HP-Boise,ex1) wrote:
> Yes even if you take some steps to protect your code it may still be
> distributed, but it WILL be distributed if you don't.
> Think about security, as a sysadmin I can't just not apply security updates,
> you apply every security update you can even though someone a determined
> cracker can still get into your box you eliminate most of the script
> kiddies.
> Just because you can circumvent something does not mean it is not worth
> doing, there is a trade off, security and usability to make something
> completely secure you make it completely unusable you need to find a middle
> ground with your systems and your code.
> As far as banks being robbed, yes they may be robbed but we still lose less
> money than if left the vault unlocked and just told people to help
> themselves.

The situations are not analogous.

Putting locks on a bank vault increases the amount of time it takes to get 
in, which increases the risk to the robber. This is a powerful 
disincentive, and leads robbers to choose other banks instead of yours.

Also, after someone does manage to get through all your vault locks, the 
next person who wants to break into the bank still has to go through all 
the work again.

Putting locks on software, on the other hand, doesn't increase any risk. 
It may increase the challenge, but for many crackers, this is the number 
one incentive anyway.

And once one person has broken it, it's as good as broken everywhere.

So the return for effort/expense is much lower. The time is better spent 
writing more software for more clients. Or finding better, more honest 


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to