Chapter 6: The Myth about Secure Configuration

Overview

Many applications allow their users to change the server settings that affect system security. By adjusting the security parameters of an application, the system administrator can increase the total security level of the system.

In most cases, increasing the security level with such methods inconveniences users, reduces the features of the system, and makes certain features harder for system programmers to implement. At the same time, an administrator who uses directives aimed at strengthening the system's security is deluded about how secure the system is.

As practice shows, most configuration directives of server software aimed at increasing security can be circumvented by attackers.

When a Web application programmer uses a correct approach to development from the point of view of security, he or she can achieve similar results. However, the programmer has more opportunities to control the security of a Web application without making it inconvenient for users or making it too complicated.

In some cases, the opposite situation takes place. Some settings of server software make the system convenient for the programmer but strongly decrease the system's security. In addition, applications created with an assumption that certain settings are enabled cannot be ported to systems that lack these settings.

Nevertheless, well-designed Web applications can work in any system without losing security or functionality.



Hacker Web Exploitation Uncovered
ISBN: 1931769494
EAN: N/A
Year: 2005
Pages: 77
