22 May 2002 bjgm   » (Apprentice)

I agree with jtansen in regards to SOAP / Security discussions, and CGI (and JSP / Servlet, etc) developers have had to deal with this for quite a while now. It all comes down to the fact that, as always, software developers need to be aware of the security issues involved in their work, and to take that into account when writing their code.

Every week it seems a good half dozen security bugs are reported that involve buffer overflow / mishandling of user input! The fact that you must very carefully validate and manage all information which is input into your program / system should be common knowledge to everyone by now. At what point are people going to start using this knowledge, as a whole?

I guess it all comes down to education, and that I don't think a single Java book I have read has done a good job of talking about security issues in relation to Java programming (and I don't mean the security APIs, which are a different issue altogether). It is a mindset that must be explained, a certain level of paranoia or mistrust which the programmer must have towards the users and external data sources which come into their system.

I apologize if I digress, but to summarize, I don't feel that SOAP security is anything new / different from the same kinds of issues that most programmers don't deal with well / at all, and cause the kinds of insecurity that we see in most systems.
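The "mistrust every external input" mindset described above, as an added example that is not part of the original post: a small Java class in the CGI/servlet spirit that treats each request parameter as hostile, checks it against an explicit allow-list (what a valid value must look like, not a list of bad characters), and rejects rather than tries to clean it. The class and method names, the limits, and the sample inputs are all assumptions constructed for this illustration.

```java
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Added example (not from the original post): validate untrusted request
 * parameters by allow-list and bounds, returning empty on any failure so the
 * caller has to handle rejection explicitly.
 */
public final class UntrustedInput {

    // Allow-list for a username: only word characters, bounded length.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_]{3,32}");
    // Hard cap applied before any other processing; arbitrary value chosen for the example.
    private static final int MAX_PARAM_LENGTH = 256;

    private UntrustedInput() {}

    /** Returns the username only if it is well-formed; otherwise empty. */
    public static Optional<String> username(String raw) {
        if (raw == null || raw.length() > MAX_PARAM_LENGTH) {
            return Optional.empty();   // reject oversized input before running the regex
        }
        return USERNAME.matcher(raw).matches() ? Optional.of(raw) : Optional.empty();
    }

    /** Parses a bounded non-negative integer; rejects non-numeric or out-of-range values. */
    public static Optional<Integer> quantity(String raw, int max) {
        if (raw == null || raw.length() > 10) {
            return Optional.empty();   // longer than any int we are willing to accept
        }
        try {
            int n = Integer.parseInt(raw.trim());
            return (n >= 0 && n <= max) ? Optional.of(n) : Optional.empty();
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, the kind a CGI/servlet/SOAP handler might receive.
        String[] names = {"alice_01", "bob; rm -rf /", "", "x".repeat(300)};
        for (String n : names) {
            System.out.printf("username %-16.16s -> %s%n", n,
                    username(n).isPresent() ? "accepted" : "rejected");
        }
        String[] qtys = {"5", "-1", "999999999999", "12abc", "100"};
        for (String q : qtys) {
            System.out.printf("quantity %-14s -> %s%n", q,
                    quantity(q, 100).map(Object::toString).orElse("rejected"));
        }
    }
}
```

The point of returning `Optional` rather than a "sanitized" string is that the caller cannot silently proceed with a value that failed validation; every rejection has to be handled as a distinct path, which is the mistrust the post is asking programmers to adopt.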

I have been reading the last few evenings (and Sunday), rather than working on Symbiosis, but I keep coming up with / documenting ideas I have to work on. I have been reading "Nothing on My Mind", which is a book about a man's journey through life at Berkeley in the 60's, doing lots of drugs, and eventually discovering Zen meditation.

I am not sure, as I am not done with the book yet, what the "point" of the book is, or perhaps it doesn't even have one, as is true with a lot of these kinds of books. I am at least happy, based on the author's experience, that I didn't experiment with drugs in my youth, and I have never heard of extreme drug use causing someone to be "enlightened". I think I will stick to the slow and steady approach.
