Subject : Re: BridgeWorks
From : clubley (at) *nospam* remove_me.eisner.decus.org-Earth.UFP (Simon Clubley)
Newsgroups : comp.os.vms
Date : 24. Jul 2024, 13:23:22
Organization : A noiseless patient Spider
Message-ID : <v7qrnq$1nu4n$2@dont-email.me>
User-Agent : slrn/0.9.8.1 (VMS/Multinet)
On 2024-07-23, Dave Froble <davef@tsoft-inc.com> wrote:
> On 7/22/2024 1:47 PM, Simon Clubley wrote:
>>
>> One simple example would be that a new form of injection attack is
>> discovered and it is discovered the old applications do not handle
>> it correctly. In addition, and making the problem far worse, the
>> problem may not be in the application code itself, but in one of
>> the language libraries that the application uses.
>
> Ah, Simon, how does any of what you mention get through a secure environment,
> and if it cannot, what does anything matter to what is behind that secure
> environment.
>
The injection attack is usually buried within the data that the "secure"
system processes.

> The real question: is the environment secure?
>
No. You only think it is. There is no such thing as a secure environment.
There is only such a thing as a more-secure environment.

> If the environment is not secure, what difference is there about whether the app
> implementation is supported, whatever that means?
>
Because when it is shown to be insecure, you no longer have the means
to fix the problem, especially if the insecurity is within a language
RTL, or in generated code that you have no direct control over.

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.