in reply to Re: Re: security questions
in thread security questions

Secure for everyone and everything cannot be done in any system of a decent size. In practice, there is always a point where the cost of closing a potential hole will be so high that you'd be better off not implementing the feature.

For instance: do you want to protect yourself against users putting up "illegal" content? (yes, there is such a thing, at least where I live)

Other example: what about DOS attacks?

It's a matter of risk vs usability vs cost of implementation. You really should read the OWASP guide if you want to know about more potential problems.

Joost

Re: Re: Re: Re: security questions
by kutsu (Priest) on May 21, 2004 at 18:39 UTC

    Along with Joost's suggestion of reading the OWASP guide, I would also recommend looking at the www-security FAQ; it's been an excellent reference for me.

    "Cogito cogito ergo cogito sum - I think that I think, therefore I think that I am." Ambrose Bierce