Website security

Out of context: Reply #11

  • comicsans0

    It's like any other IT design problem: what are they trying to accomplish (in terms of security) and why? Issues might be making it hacker-resistant, protecting customer details against leakage, secure transmission of confidential data.

    These are expert matters for grown-ups. As a universal rule of thumb, 'secure' systems built by people without security experience will not be secure; in fact, they will be less secure than doing nothing, because there is the false illusion of poorly built safeguards. You at least know you know nothing; your customer may have just seen some acronyms in a trade paper and imagines that a checklist of these acronyms will bestow security upon him. It won't.

    Do your reading, then ask the customer to explain AES and TLS to you: what they are, what they will do for him and why it matters. My instinct is he hasn't got a f**king clue. If he did have, he'd be specifying policies like user access privileges, not mechanisms like AES.
