[squeak-dev] Namespaces

Jason Johnson jason.johnson.081 at gmail.com
Mon Jul 7 07:15:49 UTC 2008


On Sun, Jul 6, 2008 at 8:36 PM, Igor Stasenko <siguctua at gmail.com> wrote:
>
> I wonder how you could protect your buggy software from being
> exploited by a hacker when you have no idea where the bug is?

Exactly the way we do it now: with lots of security and network
infrastructure to create layers of network so if someone does break in
we can minimize how much of the company is compromised.

> Another example. Suppose I am running a server which is holding open 1000
> ports for use by anyone. Now someone is running a DOS attack on it, or
> you'd like to ban some IPs of users who are causing problems or
> violating the terms of use.

There are various techniques for dealing with DOS attacks that I don't
have time to go into now, but I will say the idea of a DOS attack is
pretty old as are the solutions to it.

> Which way, to your sense, is simpler, better and error proof:
>
> MyServer denyAccessFromIp: 'xx.yy.zz.ww'
>
> or:
>
> Firewall portsFrom: a to: b do: [:port | port denyAccessFromIp: 'xx.yy.zz.ww' ].

This issue is a lot more complex than you make it out to be.  In
actual practice you would be talking about thousands of applications
running under all kinds of different constraints and so on.  Rather
than brow-beat everyone to "stop making mistakes" it's easier to use
infrastructure to minimize the damage that can happen.  The reason
*every company of any size* does it this way is because it's the
easiest and most effective.


