On 9/19/2011 1:20 PM, José Ventura wrote:
>
> I'm not sure whether making the default value "on" will actually
> improve security as a whole. If a developer hasn't given thought to
> security, there are plenty of other pitfalls that may compromise an
> application (e.g. "where should I store the (previously unneeded yet
> now required) username and password?").
>
> On the other hand, if s/he did in fact think about security, then odds
> are that a simple, concise documentation will point him/her to
> happily turn on the switch with minimum nuisance, and proceed to
> secure the rest of the application.
>
I think this is a very good point. The claim of "secure by default" is
a very strong claim and may give a false sense of overall security.
Some things, like encryption and perhaps stricter security manager
settings, are not part of the default, but might be an important part of
actually securing a particular application. I agree it is good for the
application developer to plan security and for us to make it as easy as
possible for them to do so from a Derby perspective.
Perhaps the conversation of the default is premature. Perhaps we
should first nail down the easy security knob and understand its
behavior and usefulness and then discuss whether it should/could be the
default.
Kathey