Masem wrote:

You have to decide where you are going to pack the security features; if you do it in perl, you lose orthogonality, if you do it on the file system, you lose 'security' by your thoughts (please correct me if I'm wrong).

You understood me correctly. My thoughts on security are pretty simple: if they're out to get you, paranoia makes good sense.

Who are 'they'? Anyone who's not Ovid. What does 'out to get you' mean? Doing anything which may affect my code and what it does, whether or not it's intentional. I try to be ultra-paranoid when I write a CGI script. As a result, I don't want to trust anything outside of my code. Of course, I can't stop another programmer from going in an changing my code, but I don't want my code to be dependant upon what others have done. I suppose it's just finding a balance between what's reasonable and what's so frickin' stupid (perhaps my code?) that I deserve to be shot for writing it. Realizing that operating systems often have a certain level of security built into them, perhaps I can rely on this. On the other hand, I have a significant weakness in that I don't understand much about the operating systems themselves, or how they are set up. I tend not to want to rely on something that I don't know well.

Hmm... obviously I need to learn more about this area.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

One of the things that I thought about this is that generally, security and orthogonality cannot coexist, or better stated: (level of security) x (level of orthogonality) = constant. A more secure system is going to have multiple checkpoints, which will defeat the purpose of orthgonality (though not the ability of code reuse). Orthogonal code will be less secure because of the lack of interaction between security mechanism.

Go back to the car example: most automatics will not let you start the engine if the car is not in park, which means any orthogonality between the ignition and the transmission is gone. But, because of this, there is an increase in 'security' in that you won't be stripping gears or wearing the engine because of improper usage of either system.

So the problem of security vs orthogonality comes down to the programmer (and possibly job description) to decide where they want to be; in your (Ovid's) case, you want to be ultra-strict, which means multiple checks, which means that systems need to be less orthogonal to make everything work. Someone else might feel that because of multiple programmers that are working on a project, orthogonality is an absolute must, and security measures may fall due to this. There's no right or wrong answer to "how secure is secure" or "how orthogonal is orthogonal"; it's all going to depend where the emphasis is to be placed by the programmer.

So when faced with problems like these, the best way to approach them is exactly how your test case did: you ask a number of people for opinions: since everyone has a different idea where security/orthogonality should be, you'll get a number of solutions that sit along the curve given above, and you can choose a solution that is near the point where you desire.

---

Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain

   MeowChow                                   
               s aamecha.s a..a\u$&owag.print

Hmm, I saw that suggestion working in a different manner: searching directories (either on the fly or updating at intervals depending on number of directories and how rapidly the system needs to respond to changes), and building a paths data structure from that, which could then be used to verify the user-input as in Ovid's example.