I was a big believer that SSL was never going to be compromised… until it was. 
The retooling of industry security standards over the last 6 years or so has 
taught me the opposite: NEVER rely on out-of-the-box security if you can help 
it.

Asking a web server to get data and return it introduces a lag time which I am 
already struggling with. And if I DID use a web server, I would still have to 
go through extraordinary measures to secure THAT!

By “rolling my own” (I’m not really, I’m using LC’s built-in AES encryption 
with a twist) I am ensuring that even if someone were able to grok my poison 
pill approach, and then brute force the hash, it would only work for that one 
instance. THEY STILL would have to brute force any password data in the 
instance, and they would have to do the same process all over again with the 
next intercepted transmission.

Bob S


On Apr 6, 2020, at 9:10 AM, Richard Gaskin via use-livecode 
<use-livecode@lists.runrev.com> wrote:

Two rubrics that have saved me much time, effort, and unrest:

1. Unless you have a specific reason why another protocol is truly
  necessary, use HTTP.

  Tooling, documentation, simplicity, extensibility - it's all there,
  ready to use, right now.


2. Never roll your own security.

  Consider all the hours spent developing, testing, refining,
  reporting, revising, packaging, documenting.  No single human
  will ever replicate even a corner of that in an entire lifetime.
  And there's no need, since most of the best security options are
  Free and open.


--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
