4.7. Security

Sam asked me to stop by for a cup of coffee. He sat with a perplexed look on his face. I inquired about the idea that he was mulling over.

He said, "I watched a TV show last night about a guy who broke into a computer system and stole information worth millions of dollars. What happens if someone breaks into my system?"

"Well, how much is the information in your system worth?" I asked.

"OK, not millions, but maybe in the tens of thousands," he replied.

"We should perform a risk analysis, before we get too involved in the detailed design of the system," I responded.

Security encompasses a broad range of issues including access protection, attack prevention, data backup, and data security. You can find a detailed discussion of security issues in Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson (Wiley, 2001). You should consider security from the start of the design. You should perform a risk analysis to determine the risks, the probability of their occurrence, and the cost if the risks materialize. Once you've identified the risks, you can employ appropriate measures, including structuring the design to meet those risks.
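The risk analysis recommended above, carried through as an added example (this is not code from the book): each risk gets an estimated annual probability and a cost if it materializes, risks are ranked by expected annual loss, and a countermeasure is adopted only when the expected loss it removes exceeds what it costs to run. The figures for Sam's system are constructed assumptions, not values from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    annual_probability: float  # estimated chance the event occurs in a year
    cost_if_realized: float    # loss, in dollars, if it does

@dataclass(frozen=True)
class Countermeasure:
    name: str
    risk: str                    # name of the Risk it addresses
    annual_cost: float           # what it costs to run each year
    residual_probability: float  # annual probability once it is in place

def expected_annual_loss(risk):
    """Probability of the event times the cost if it happens."""
    return risk.annual_probability * risk.cost_if_realized

def rank_risks(risks):
    """Highest expected annual loss first: where design effort should go."""
    return sorted(risks, key=expected_annual_loss, reverse=True)

def net_benefit(risk, measure):
    """Expected loss removed by the measure, minus what the measure costs."""
    before = expected_annual_loss(risk)
    after = measure.residual_probability * risk.cost_if_realized
    return (before - after) - measure.annual_cost

def worthwhile_measures(risks, measures):
    """Names of the measures that pay for themselves."""
    by_name = {r.name: r for r in risks}
    return [m.name for m in measures if net_benefit(by_name[m.risk], m) > 0]

# Constructed figures for Sam's system (assumptions, not from the book).
SAM_RISKS = [
    Risk("intruder steals customer data", 0.10, 40_000),
    Risk("disk failure with no usable backup", 0.05, 25_000),
    Risk("laptop holding a local copy is lost", 0.20, 5_000),
]
SAM_MEASURES = [
    Countermeasure("nightly off-site backup", "disk failure with no usable backup", 600, 0.005),
    Countermeasure("24x7 monitoring service", "intruder steals customer data", 6_000, 0.05),
    Countermeasure("full-disk encryption on laptops", "laptop holding a local copy is lost", 200, 0.02),
]

if __name__ == "__main__":
    for r in rank_risks(SAM_RISKS):
        print(f"{r.name}: expected annual loss ${expected_annual_loss(r):,.0f}")
    print("worth adopting:", worthwhile_measures(SAM_RISKS, SAM_MEASURES))
```

With these figures the intruder risk ranks highest, yet the expensive monitoring service does not pay for itself, while the cheap backup and encryption measures do; the ranking and the spending decision are separate questions.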

Many books explain how to write secure code. Two are Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw (Addison-Wesley Professional, 2001) and Secure Coding: Principles and Practices by Mark G. Graff and Kenneth R. Van Wyk (O'Reilly, 2003). ...
