I agree. It's easy to imagine that one can acheive absolute security, but in practice it is impossible by nature. Just someone standing over your shoulder or putting a spy camera in place is all that would be needed. The idea then is to make it as difficult and impractical as possible given the resources you have.
Bob S > On Jan 3, 2020, at 13:59 , Richard Gaskin via use-livecode > <use-livecode@lists.runrev.com> wrote: > > Inputs often pose a bigger risk than core dumps. > > Where you ask: > "Any suggestions to make it as secure as possible?" > > ...we might instead ask: > "Any suggestions to make it as secure as *practical*?" > > ...or even: > "Any suggestions to make it as secure as *cost-effective*?" > > There are always ways to make things more secure. The hard part is defining > an appropriate level of effort relative to the importance of the secret. > > Consider this scale of 1 to 5, in terms of how hard people work to keep > things secret: > > 1. My app's reg code > 2. A user-defined password > 3. A user's social security number > 4. Nuclear secrets > 5. Trump's tax returns > > If it's #1 I wouldn't spend more than half an hour thinking about it, for so > many reasons covered in this list before. > > #2 is worth spending some time on, but better hashed than encrypted. > > #3 or above will require an understanding of the system to provide useful > guidance. > > -- > Richard Gaskin > Fourth World Systems _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
