Chapter 5


  1. The version is split into major version x and minor version y, with the informal intention that minor versions are largely backward-compatible, whereas major versions require adjustment when deployed to replace an older major version.

  2. Although a user's deliberate or inadvertent revealing of a password is beyond the control of the software supplier, the software can include heuristics to check password quality (Is it long enough? Is it in the dictionary? Does it include numbers as well as alphabetic characters?). The software can also maintain a history of previously used passwords and prevent the reuse of old passwords within some (long) time window.

  3. A firewall can also be realized as software running on commodity hosts or within standard network routing equipment. Firewall software is also available to run on a single host (like a home desktop computer) to isolate that host from the network.

  4. The AT&T Privacy Bird (<http://privacybird.com/>) is an Internet Explorer plug-in that translates P3P documents into easily understood text and can issue privacy warnings to the user.

  5. The usual explanation for this is that the Internet arose from an academic and scholarly environment that was trusting of all users. A more accurate, second explanation is that keeping the network simple while adding capability at the endpoints makes the technology more flexible (this is called the "end-to-end principle" (SalTzer, Reed, and Clark 1984). A third argument is economic: security features should be an add-on because not all users and applications desire them.

  6. Some approaches based on the secure server can ensure that a password is not revealed outside a secure enclave. Also, it is possible to check a password using equivalent information without knowing that password directly. Thus, it is possible (but arguably not the norm) to build fairly secure authentication techniques around passwords.

  7. Note that the secret is provided by and thus is known to the authority, which is responsible for destroying it or not divulging it to others. There are many complications not dealt with here, such as how to recover from the loss of a secret.

  8. Practical and secure authentication protocols are considerably more complex than our description here, which tries to convey the essence of the idea without getting into details. There are many subtleties to consider, and desiging these protocols is best left to an expert.




Software Ecosystems(c) Understanding an Indispensable Technology and Industry
Software Ecosystem: Understanding an Indispensable Technology and Industry
ISBN: 0262633310
EAN: 2147483647
Year: 2005
Pages: 145

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net