Wow, thank you, this was really great. I see a lot of writing about how most developers don’t know how to do security well, but rarely do I see such a clearly illustrated and worked through example demonstrating what “doing security well” and doing it poorly means in a particular instance.
I found this post pretty inspiring, both because it showed me a gap in my skillset as a programmer/sysadmin/whatever, and because the designs @alex_gaynor proposes are simple and well-explained and understandable to me, which makes me feel like I could fill this gap (i.e. security is a skill I could learn, not some arcane voodoo).
Wow, thank you, this was really great. I see a lot of writing about how most developers don’t know how to do security well, but rarely do I see such a clearly illustrated and worked through example demonstrating what “doing security well” and doing it poorly means in a particular instance.
I found this post pretty inspiring, both because it showed me a gap in my skillset as a programmer/sysadmin/whatever, and because the designs @alex_gaynor proposes are simple and well-explained and understandable to me, which makes me feel like I could fill this gap (i.e. security is a skill I could learn, not some arcane voodoo).