| Agile_tester 2006-08-28, 8:05 am |
> estherschindler wrote:
I'll check out James' stuff.
>
> Not everybody is an expert... or can be. Often, us poor slobs have to
> ensure our code is secure despite the certainty that we're doing it
> right. How do YOU do it?
>
> Esther
One thing I learned (actually from James on Eurostar this year) is that
sometimes security is captured in one DLL. If that DLL doesn't
contain a return value (to verify that the DLL is actually working)
then this can easily be replaced by a text file that has the same
name.
For instance, Microsoft uses this for their rating functionality in IE
(for not being able to visit adult sites). All rating is done in the
MSRATING.DLL file. If you replace this with a text file and remove the
DLL then the rating functionality doesn't work anymore.
If you as a parent have this 'security' on your PC and you have a
14-year-old in your home, check out your c:\winnt for this ;-)
Learning point: The weakest points are there where the security is only
one layer thick.
Posted from the Dutch software testing community at www.testforum.nl
|
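The failure mode described in the post above, shown as an added example that is not part of the original post or of any Microsoft code: a caller that skips its check when the enforcement module is unusable (fail-open) next to one that requires a structurally valid DLL and an explicit positive verdict (fail-closed). The function names, the `check` callback and the sample bytes are assumptions constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag that marks a DLL image


def looks_like_pe_dll(data: bytes) -> bool:
    """True only for bytes with an MZ header, a PE signature and the DLL flag."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    # 4-byte signature + 20-byte COFF header must fit inside the file
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return bool(characteristics & IMAGE_FILE_DLL)


def allow_fail_open(module_bytes: bytes, check) -> bool:
    """Weak pattern: an unusable module means the check is silently skipped."""
    if not looks_like_pe_dll(module_bytes):
        return True  # nothing enforces, so everything is allowed
    return bool(check())


def allow_fail_closed(module_bytes: bytes, check) -> bool:
    """Hardened pattern: deny unless the module is intact AND says yes."""
    if not looks_like_pe_dll(module_bytes):
        return False  # missing or replaced module is treated as a denial
    return check() is True  # require an explicit positive verdict


def constructed_dll() -> bytes:
    """Constructed sample: the smallest header set the checker accepts."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, IMAGE_FILE_DLL | 0x0002)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed sample: a text file dropped in place of the DLL
TEXT_FILE = b"this is just a text file with the DLL's name\r\n"

if __name__ == "__main__":
    for name, blob in (("real dll", constructed_dll()), ("text file", TEXT_FILE)):
        print(name, "fail-open:", allow_fail_open(blob, lambda: False),
              "fail-closed:", allow_fail_closed(blob, lambda: False))
```

The header check only catches the swap described in the post; it says nothing about who built the file, so it complements signature or hash verification and does not replace it.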