The most important of these opposing goals is security versus reliability. Reliability often requires developers to write more code (for example, error handlers), and more code means more opportunity to write bugs. Most of the time these error handlers are under-exercised in testing, so the chance that they contain security bugs is greater.
Error-handling code needs to be carefully checked for security flaws.
Another important opposing factor is performance. The more code that is pushed to the client, the faster the server will run. But more code on the client means more opportunity for security breaches, because the user has access to the code running on the client.
Usability may be the next target that opposes security. Usability means giving information to users to make the system as easy to use as possible. Easy to use often means easy to hack :-), specifically when error messages reveal information that is helpful to an attacker.
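The error-handler and error-message points above can be seen in one small case. This is an added example, not code from the original post: the handler names, the `BackendError` class, the sample exception text and the marker list are all constructed for illustration. It puts a verbose handler beside a hardened one and includes the kind of check that exercises the error path in testing.

```python
import logging
import uuid

log = logging.getLogger("app.errors")


class BackendError(Exception):
    """Constructed stand-in for an exception raised by a data layer."""


def lookup_account(user_id):
    """Hypothetical data-access call that fails with internal detail in its message."""
    raise BackendError(
        f"SELECT * FROM accounts WHERE id='{user_id}' failed on db01.internal:5432"
    )


def handle_verbose(user_id):
    """Easy to debug from the client side, but the raw exception text reaches the user."""
    try:
        return {"status": 200, "body": lookup_account(user_id)}
    except Exception as exc:
        return {"status": 500, "body": f"Error: {exc}"}


def handle_hardened(user_id):
    """Detail goes to the server log; the client gets a generic message and a reference ID."""
    try:
        return {"status": 200, "body": lookup_account(user_id)}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        # %r keeps user-supplied text from breaking the log line format.
        log.exception("request failed ref=%s user_id=%r", ref, user_id)
        return {"status": 500, "body": f"Something went wrong. Reference: {ref}"}


# Constructed list of strings that belong in server logs, never in a response body.
INTERNAL_MARKERS = ("SELECT", "db01.internal", "accounts", "Traceback")


def leaks_internal_detail(response):
    """Return True if an error response body exposes any internal marker."""
    return any(marker in response["body"] for marker in INTERNAL_MARKERS)


if __name__ == "__main__":
    for handler in (handle_verbose, handle_hardened):
        resp = handler("42")
        verdict = "leaks" if leaks_internal_detail(resp) else "clean"
        print(handler.__name__, verdict, resp["body"])
```

The reference ID keeps the hardened handler usable: the user can quote it to support, and support can find the full detail in the server log.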