Raph Koster once famously wrote, "The client is in the hands of the enemy." Admittedly, that was in reference to the use of distributed computing in the running of MMORPGs, but the phrase is relevant to many, many aspects of programming for virtually every other online service.
There may be well-meaning 'good guys' out there who will utilize a backdoor for responsible and sensible purposes, but the general userbase of backdoors tends to be 'bad guys'. So introducing a backdoor into your system for the responsible people is just implementing a weakness.
If you're going to put an administrative login into your system, for the love of sweet candied apples, document it, make it clear it exists, and tell everyone how to lock it the heck down. #infosec
@nixCraft@mastodon.social
Raph Koster once famously wrote, "The client is in the hands of the enemy." Admittedly, that was in reference to the use of distributed computing in the running of MMORPGs, but the phrase is relevant to many, many aspects of programming for virtually every other online service.
There may be well-meaning 'good guys' out there who will utilize a backdoor for responsible and sensible purposes, but the general userbase of backdoors tends to be 'bad guys'. So introducing a backdoor into your system for the responsible people is just implementing a weakness.
If you're going to put an administrative login into your system, for the love of sweet candied apples, document it, make it clear it exists, and tell everyone how to lock it the heck down. #infosec