Secure Coding mailing list archives

RE: Hypothetical design question


From: Nick Lothian <nl () essential com au>
Date: Thu, 29 Jan 2004 00:35:46 +0000

Yes, the application design process, as it exists in far too many
environments, is horribly broken.  No new news there, I suppose.  Secure
application design and secure coding are quite different matters.  You can
create rather secure code in an incredibly insecure application design.
Since programmers are responsible for the code, that portion of securing the
application is up to them.  Since they're often excluded from the design
process, fatal flaws are injected into the design much further upstream.  To
wit:  Outlook's problems aren't due to buffer overflows, they're due to an
intrinsically bad design in the name of "innovation" (pronounced
"oh-no-vation" :-).

I have a different point of view here. An email client is a tool that allows
you to send messages. Both executable programs and data attachments (think
Word documents) are perfectly reasonable things to want to send from the
user's point of view (and if we try to claim that they aren't, then we also
need to make a reasonable suggestion for a substitute).

I think either the email client or the operating system needs to protect the
user from malicious programs _by default_ (on a non-professionally
administered system). I don't think an email client can do this, and I'm not
aware of any operating system that really supplies this protection (although
most can be configured to provide some protection; perhaps capability-based
operating systems do this?).

On the other hand, the operating system/email client still needs to allow
one-click execution of attachments - it should just restrict them from doing
malicious things.

Nick