ljknews wrote: > I have been involved in a dialog with AJAX fans (which is different from > experts) who say "you security folks just have to bow to the inevitable > and figure out how to secure whatever mechanism we come up with. > This attitude is not unique to AJAX advocates. I remember holding this view myself, while wrestling with the problems of producing a truly transparent distributed operating system in the late 1980s and early 1990s; security was a bother that made things hard(er).
Of course, this is just lifetime employment for security people :) I have certainly made a career out of securing things that are inherently insecure. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com Olympic Games: The Bi-Annual Festival of Corruption _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
