Posted by: Avonelle Lovhaug
Publication Date: 4/6/2009 9:16:31 AM
“I just want my users to log into my application before using it. Is it really that hard?” my customer asked, frustrated.
Short answer: Yes.
Long answer: It depends.
Look, I sympathize. If you think I enjoy all this security stuff, you would be really wrong. Security-related issues are NO FUN. No one likes security. Users hate it, so if people have security-related trouble, they think the application is horrible and the programmer is an idiot.
The reason why everyone is frustrated is obvious. Software security is intended to prevent unauthorized users from accessing the application. But users want to access the system. So right away the relationship between the end user and the application is in conflict. Not a good way to start things out.
And as I’ve mentioned before: nothing is simple. Let’s say you just want to restrict access to the system via a simple password, and that all your employees will have the same password.
Great! What happens when an employee is fired?
I guess we should change the password. But how do you notify everyone that the password has changed?
You could email it, but that isn’t very secure.
I guess you can call everyone and tell them. Then again, saying the password out loud isn’t very secure, either.
If your employees are in the office, you can put it on Post-it notes on everyone’s computer. Uh, wait…
Perhaps it doesn’t matter. You might never fire an employee. Or perhaps users can’t change data in the application anyway.
But that’s why we have to ask a lot of questions, to weed through the details and make sure we completely understand your security needs. Questions like:
These are only a smattering of the questions that come to mind when thinking about security.
I know it is a pain to answer all these questions. I know it is tiresome and no fun. Trust me. It is important. You’ll thank me later.
Tags: Think like a geek