During my career, I have had to implement so many different security packages and systems. I am a developer, though, not a security analyst, and, frankly, this bores me to death. Security, however, is a necessary evil—no one likes his beautiful application played with.

Some of the security packages and systems I used were architected from scratch while others used existing frameworks. Whenever I had to deal with security, I would try to keep it as simple as possible, for easier maintenance and because I knew others would probably be maintaining the application. But the system always had to be secure and reusable with all the interdependent sites and applications. And because security needs to be integral, it always required ...