, but it doesn't matter if they are
not allowed to exercise it.
My 0.02$CURRENCY.
Cheers,
George Capehart
--
George W. Capehart
Key fingerprint: 3145 104D 9579 26DA DBC7 CDD0 9AE1 8C9C DD70 34EA
With sufficient thrust, pigs fly just fine. -- RFC 1925
Dinis Cruz wrote:
I personally think that AJAX has the potential to create very insecure
applications because it pushes the data validation and authorization layers
back to the client (i.e. the browser)
AJAX brings 'Back the Rich Client' and all its security problems
Kentaro, on your
Yvan Boily wrote:
Hi George,
I think a much more eloquent form of what you are saying is that
validation must be performed each time data crosses a security
boundary.
Hello Yvan,
I absolutely agree. Wish I'd said it myself . . . :)
The challenge is in helping people to understand what
Gadi Evron wrote:
In other words, it's just Javascript. Do your coding securely. I don't
like the big buzz. This is nothing new.
Hola Gadi!
*grin* I absolutely agree. It is absolutely not new . . .
The challenge is in helping people to understand what a security
boundary is.
rant
The
Dinis Cruz wrote:
snip introductory comments
A couple comment on your article:
/... .NET has a built-in security model just like Java. //.NET is type
safe just as Java is type safe. .../
This is only correct when .Net is executed under Partial Trust and Java
with the Security Manager
(and for that matter, all other)
programmers.
You're /*way*/ ahead of the crowd here.
My $0.02.
Best regards,
George Capehart
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kenneth Van Wyk wrote:
On Aug 7, 2007, at 7:01 AM, Francisco Nunes wrote:
During our conversation, I made a question to Mr.
Hayes similar to this: Is it possible that only
software development process improvements can produce
secure software?