Step 8: No Back Doors


It’s common for developers and system administrators to want to put back doors into an application. A back door is a type of shortcut—a way for people to bypass security. Examples of back doors include secret command-line switches that start the application in an insecure mode, all-powerful developer logon accounts, and logon accounts with blank or easy-to-remember passwords. Back doors are usually created to speed up implementation (so developers don’t have to go through tedious security checks to test their code) or as a safeguard in case developers inadvertently lock themselves out of the system while developing it.

There are three major problems with putting in back doors:

  • Back doors hide usability problems. If the system is too inconvenient for the developers to use, the chances are that users will also find it inconvenient.

  • Back doors never get removed. If developers have free rein to add back doors, the back doors will likely stay in the product when it ships, creating a security flaw. The best option is never to let back doors get added in the first place.

  • Back doors hide security flaws. A lot of bugs are discovered simply by developers using the application as it’s being developed. If developers are using back doors to access the system, they are not using—and therefore testing—security features.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
