Quote:
Originally Posted by ruteckycs
As for security, I guess you have to ask yourself how likely it is someone will be attacking / routing packets for your customers computers
|
That's not the question you should be asking. What you should be asking is, "Do I want to code this securely or not?"
Cookies are pretty easy to exploit, and although you may not care about the data or think it's worth hacking, someone else might. Oftentimes hackers go for the "low-hanging fruit" (the easy stuff), so why make it any easier for them?
I often hear the argument that "this data isn't important" or "this data isn't worth anything". In the first instance, it may not be important to
you, but chances are it's important to
somebody.
In the second instance, it's not necessarily the
value of the data itself, but the
access that cracking the data can bring, like gaining access to your server or user accounts, thereby creating an opening that can be further exploited.
Saying that "nobody wants this data" is like saying that "nobody wants your front door", so why not just make it out of cardboard. It's not the
door that's important, it's the fact that it
keeps people out of your home.
Anytime I hear people coming up with reasons
not to code securely, I just shake my head. It's like trying to justify not wearing a seatbelt when you drive: "No one wants to hit
my car."
On the other hand, I really should
thank the insecure coders of the world, because it means that hackers will be targeting them instead of me. And I'm okay with that.
Quote:
Originally Posted by ruteckycs
not likely for the home user, but for a bank or something ....?
|
Honestly, you'd be surprised how often home networks and end user PCs are targeted.