Writing Secure Code - Links - September 26, 2008
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on Sep 29, 2008
Apologies for this being late. Because of OOW I got a bit behind.
Passwords -- This blog post from the "Blown to Bits" blog talks about problems with passwords. On a personal level - you should have a random password. No words. Just mix of characters. From a developer perspective - do not write your own login code. Almost all frameworks now have their own login subsystem - leverage that. It will allow you to focus on code that is actually core to your business application. Or as I would think - I would not want my friend Quan writing my UI but he knows how to write awesome security code. I know my friend Josh knows how to make awesome looking UI - he shouldn't be writing my security code. And from an enterprise level - make sure you are adopting comprehensive access products such as Oracle Access Manager suite.
"Using Yahoo! Login Mechanisms for Desktop Applications" -- If you want to use Yahoo! for user password management this might be useful to you.
Criminal probe of ex-Lottery employee Launched -- Basically another data leak problem. Remember - when writing apps to make sure you allow for proper auditing. Also make sure to put in hooks that can allow for access controls to be written using a standard like XACML (such as provided by Oracle Entitlement Server). And if you are storing data in a database make sure the application can work with strong security measures like Oracle Database Vault and Transparent Data Encryption. And - if you managing/installing database - make sure you enable these features if your applications can support them.
Schneier On Security -- Bruce Scheier who is the expert on security - has released a new book. I believe it's a collection of his columns, so if you are a regular reader probably nothing new. However, if you are new to this field - you should get a copy. As well as his previous book Beyond Fear. Or if you are up to speed on these books - then be sure to read The Unthinkable: Who Survives When Disaster Strikes - and Why.