The ad hoc solution to the user's needs is to create holes in the
security wall and then post checking software at each hole. Such ad hoc
checkers would use an Access Control List (ACL) to determine
who or what is allowed through. Soon it turns out that the initial checker can
be circumvented, so you add another checker, and then the user can't get
something, so you modify both checkers or add a hole. Soon you have spaghetti.
Spaghetti is the antithesis of security.

The consequence of ad hoc development of spaghetti security is a user
who is both frustrated and terrified: frustrated because there are still
things he can't do, terrified because he knows, deep in his heart, that there
are now a thousand tricky little ways for him to be harmed by a random hacker
of even modest powers.