bobsneidar at iotecdigital.com
Mon Apr 6 13:32:12 EDT 2020
I was a big believer that SSL was never going to be compromised… until it was. The retooling of industry security standards over the last 6 years or so has taught me the opposite: NEVER rely on out of the box security if you can help it.
Asking a web server to get data and return it introduces a lag time which I am already struggling with. And if I DID use a web server, I would still have to go through extraordinary measures to secure THAT!
By “rolling my own” (I’m not really, I’m using LC’s built in AES encryption with a twist) I am ensuring that even if someone were able to grok my poison pill approach, and then brute force the hash, it would only work for that one instance. THEY STILL would have to brute force any password data in the instance, and they would have to do the same process all over again with the next intercepted next transmission.
On Apr 6, 2020, at 9:10 AM, Richard Gaskin via use-livecode <use-livecode at lists.runrev.com<mailto:use-livecode at lists.runrev.com>> wrote:
Two rubrics that have saved me much time, effort, and unrest:
1. Unless you have a specific reason why another protocol is truly
necessary, use HTTP.
Tooling, documentation, simplicity, extensibility - it's all there,
ready to use, right now.
2. Never roll your own security.
Consider all the hours spent developing, testing, refining,
reporting, revising, packaging, documenting. No single human
will ever replicate even a corner of that in an entire lifetime.
And there's no need, since most of the best security options are
Free and open.
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
More information about the use-livecode