Security
Lets be honest, while I'm sure all of our users are impeccably honest and would never do anything as sneaky as trying to use a script to do the drops for them, it's important that these, and other areas, are properly secured.
Unfortunately, I can't really discuss the measures we use to protect the integrity of the drop system - while security through obscurity is hardly ideal, the principle of defense in depth holds. The idea basically being that you maintain a number of secure layers, information control being one of them, in order to prevent any single flaw from resulting in a complete breach.
I can say, however, that today someone decided to test that out. Needless to say I wouldn't be smiling about it if I hadn't already anticipated the attempt and had countermeasures installed. Suffice to say I'm pretty pleased with how it all worked out :)
Unfortunately, I can't really discuss the measures we use to protect the integrity of the drop system - while security through obscurity is hardly ideal, the principle of defense in depth holds. The idea basically being that you maintain a number of secure layers, information control being one of them, in order to prevent any single flaw from resulting in a complete breach.
I can say, however, that today someone decided to test that out. Needless to say I wouldn't be smiling about it if I hadn't already anticipated the attempt and had countermeasures installed. Suffice to say I'm pretty pleased with how it all worked out :)
Labels: defense in depth, entrecard, security
posted by PhiRatE at
7:31 PM
0 Comments:
Post a Comment
<< Home