[HN Gopher] How to secure anything
___________________________________________________________________
How to secure anything
Author : arberavdullahu
Score : 75 points
Date : 2022-02-22 12:12 UTC (10 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| jnalley wrote:
| Pretty good anthology of info here, but, no commits in over a
| year?
| wanderer_ wrote:
| Hmm, probably outdated then.
|
| :)
| mooreds wrote:
| If you are interested in this topic, can't recommend this book
| enough: https://www.cl.cam.ac.uk/~rja14/book.html
|
| The 3rd edition is expansive (1000 pages, plenty of references)
| but readable. Free PDFs of previous editions are available at
| that link.
| 1970-01-01 wrote:
| This list comes up often without discussion:
| https://news.ycombinator.com/from?site=github.com/veeral-patel
|
| It's a nice list, but still missing core concepts such as backups
| and system availability.
| dsr_ wrote:
| This is missing an extremely important upfront concept: you need
| to know what you're protecting and how valuable it is.
|
| It does no good whatsoever to require every user of a grocery-list
| app to have a YubiKey to verify their identity. It might not even
| make sense to have users log in at all.
|
| The balance between usability and security must be consonant with
| the costs of implementation.
| mooreds wrote:
| Unfortunately, if you force users to pick between usability and
| security, they'll ignore security every time.
|
| Or as I often say "no one ever says, 'wow, that was a great
| login experience', they just want to get to the features behind
| that experience (hopefully securely behind it)".
___________________________________________________________________
(page generated 2022-02-22 23:00 UTC)