Before reading further... Are you looking for great Linux hosting from a company that cares about GNU/Linux? Pick Dreamhost hosting, get a 10% bonus to the disk space (and support Free Software Magazine in the meantime!)
I'm relatively new on Free Software, is very dificult to me using free software developing tools because I have learned developing with the Microsoft's tools from the beginning.
Then a teacher showed to us about the free software alternatives for developing and I was interested on them. One of my worries about the free software is this:
If I get for free all the source code of an application (like the database connection, encryptation algorythms, functionality) developed for my clients, everybody could know how this application works and maybe how to hack it!
I think is O.K. with generic libraries or applications that do not need of security and private infromation but what about the other ones?
If there are any documentation about this or a design way to maintain the user information secure, please share it with me.
Best answer
Hi,
I personally found this very interesting:
http://en.wikipedia.org/wiki/Security_through_obscurity
OR Bruce Peren's view:
http://slashdot.org/features/980720/0819202.shtml
Or again:
http://www.bastille-linux.org/jay/obscurity-revisited.html
Basically, security through obscurity is rarely considered security...
Merc.
Candidate best answers
Buzz authors
All news
Other sites
- The Top 10 Everything (Dave). The good, the bad and the ugly.
- Free Software news (Dave & Bridget). All about free software -- free as in freedom!
- Book Reviews: Illiterarty (Bridget). Book reviews, blogs, and short stories.
Hot topics - last 21 days
-
Unjustifiable Criticism of Richard Stallman by Linus Torvalds
Paul Gaskin, 2008-11-17 -
Mixing free and proprietary software: not a rosy future
Ryan Cartwright, 2008-11-13 -
How to help build a free software search engine and use it too. Welcome to Wikia
Gary Richmond, 2008-11-19 -
Freedom is an enabler, not a feature
bogdanbiv, 2008-11-15
Hot topics - last 60 days
-
Why is The Bizarre Cathedral licence "non-free"?
Ryan Cartwright, 2008-10-21 -
Unjustifiable Criticism of Richard Stallman by Linus Torvalds
Paul Gaskin, 2008-11-17 -
Mixing free and proprietary software: not a rosy future
Ryan Cartwright, 2008-11-13 -
Fighting the "legacy" reputations of GNU/Linux, seventeen years later
Ryan Cartwright, 2008-10-13 -
Becoming a free software developer, part V: When and where did you learn?
Rosalyn Hunter, 2008-09-24
Dedicated server
"a design way to maintain the user information secure"
Submitted by wig on Tue, 2007-03-13 10:43.
Vote!The user information, the private information, and other information of the client should not depend on the source code being open to look at.
If a program is well made - which can be checked if 1) the source is open and 2) you have the knowledge - the user data and configuration should be stored in a safe way, on a safe place. Config data might be in a protected directory, passwords be scrambled in the database etc.
If you use free software for in-house development, and you wish to share the code, just take care not to share your data and the configuration of your production environment.
We do development on a second database (free software - so no extra license needed), with a set of "fake" data. From this environment we share code to external and/or we share code to our production environment. So if something go wrong, we might only "lose" this fake data and configuration.
Good luck with your further discovery and use of free software.
A few links...
Submitted by Tony Mobily on Tue, 2007-04-24 14:03.
Vote!Hi,
I personally found this very interesting:
http://en.wikipedia.org/wiki/Security_through_obscurity
OR Bruce Peren's view:
http://slashdot.org/features/980720/0819202.shtml
Or again:
http://www.bastille-linux.org/jay/obscurity-revisited.html
Basically, security through obscurity is rarely considered security...
Merc.