bobsneidar at iotecdigital.com
Mon Jan 6 10:52:04 EST 2020
I agree. It's easy to imagine that one can acheive absolute security, but in practice it is impossible by nature. Just someone standing over your shoulder or putting a spy camera in place is all that would be needed. The idea then is to make it as difficult and impractical as possible given the resources you have.
> On Jan 3, 2020, at 13:59 , Richard Gaskin via use-livecode <use-livecode at lists.runrev.com> wrote:
> Inputs often pose a bigger risk than core dumps.
> Where you ask:
> "Any suggestions to make it as secure as possible?"
> ...we might instead ask:
> "Any suggestions to make it as secure as *practical*?"
> ...or even:
> "Any suggestions to make it as secure as *cost-effective*?"
> There are always ways to make things more secure. The hard part is defining an appropriate level of effort relative to the importance of the secret.
> Consider this scale of 1 to 5, in terms of how hard people work to keep things secret:
> 1. My app's reg code
> 2. A user-defined password
> 3. A user's social security number
> 4. Nuclear secrets
> 5. Trump's tax returns
> If it's #1 I wouldn't spend more than half an hour thinking about it, for so many reasons covered in this list before.
> #2 is worth spending some time on, but better hashed than encrypted.
> #3 or above will require an understanding of the system to provide useful guidance.
> Richard Gaskin
> Fourth World Systems
More information about the use-livecode