A Blog for Graymad
Musings about ASP.NET and more...by G. Andrew Duthie
-
The Importance of the Principle of Least Privilege
My two favorite people to read on the subject of security are Michael Howard and Keith Brown. In a recent posting, Keith explains the Principle of Least Privilege, and why it’s important. The most important reason for limiting the security privileges your code requires to run is to reduce the damage that can occur should your code be exploited by a malicious user. If your code only runs with basic user privileges, it’s difficult for malicious users to do much damage with it. If you require users to run your code using administrator privileges, then any security weakness in your code could potentially hand control of that machine (and potentially other connected machines) to malicious code that exploits that weakness.
-
angryCoder on going Independent
Jonathan Goodyear, aka angryCoder, has posted the second article in a series he’s doing on becoming an independent consultant (you can find the first part here). In this installment, Jon talks about marketing yourself, and about how to get your customers to come to you (rather than the other way around).
-
Microsoft Baseline Security Analyzer 1.2
Version 1.2 of the Microsoft Baseline Security Analyzer, an essential tool for keeping up with the latest patches and security settings on your machines, was released today.
-
Mark the Date(s) - DevDays 2004
DevDays 2004 is coming in March to a venue near you! This year’s DevDays focuses on two tracks, both oriented around best practices. The Smart Client track will speak to best practices for development, security, and deployment of Windows client applications, while the Web Development Track will focus on security in Web applications.
-
Wow.
Probably one of the best reasoned arguments I’ve heard in a long time…would that I could argue stuff half as well. And it’s not even about politics (unless you count XML validation as political…oh, never mind).
-
AppDomains ("application domains")
If you haven’t seen Chris Brumme’s explanation of AppDomains, you owe it to yourself to take a look. It’s an older link (posted in June of last year), but well worth re-posting:
-
I want one...
The first 1 terabyte (you read that right!) external drive. Firewire 400/800, USB 2.0/1.1 compatible. Whoa.
-
Good News / Bad News with Win2K3 Web Edition
Over the last couple of days, I’ve been spending a good deal of time reviewing the security of the web sites I host. I run my sites on a server sitting on a fractional T1 in my office (I like to have physical access to my web server, which is why I don’t use a hosting service). Originally, my web server had been sitting behind my wireless router, which simply passed all port 80 traffic for the public IP address to the web server. But I found that for a variety of reasons, I wanted more direct control over how traffic is routed to the various sites that I host. So I moved the web machine from the wireless router to a direct connection to the T1 router using its own IP address. The dilemma was that since I leave the T1 router relatively open (filtering NetBIOS ports, but not much else) and lock down traffic at the second router, connecting the web server directly would leave it open to port scans and attacks, right?
-
OK, maybe I'm late to the party, but...
…it looks like someone’s finally come up with a sensible use for Internet-connected appliances:
-
REVIEW: I'm a convert to NewsGator
For a long while, I resisted the notion of paying for an RSS aggregator, but I just broke down and plunked down $29 for NewsGator. Up until fairly recently, I had resisted even trying NewsGator, being fairly happy with SharpReader (which I still consider to be an excellent tool, especially given that it's free). But then I started having problems with entire feeds' worth of posts disappearing suddenly, meaning I could no longer search for information in them...one of the reasons that I used an aggregator in the first place. So I decided to give NewsGator a try.