Great talk on security by Damon Cortesi of Alchemy Security tonight at StartPad. The good news for me is that I'm already doing everything he mentioned as the first line of defense. That doesn't mean that my security is perfect, but I'm doing OK, and I'm hoping that the Google App Engine infrastructure will take care of some other issues, like protection from Denial of Service attacks. One thing I thought about while Damon was talking was changing the way I'm doing authorization for AJAX requests. Afterwards, Damon, Mike Koss, and I chatted about how to simplify, and I'll probably make the change tomorrow.
As mentioned yesterday, two meetings and Damon's talk took big chunks of my day. I worked on security & permissions most of the time, but I took out a few minutes to knock off a few other things, including the schema change I'd been contemplating. This lets my graph move in the right direction, even if I didn't complete any security tasks today. I'm now under 20 tasks in 4 buckets.
Update: Corrected x-axis.