OK, I'll bite.
There are a few security aspects specific to i18n, most notably in the expanded encoding acceptance. The difficult security issues seem to be related more to the overall structure of the code. An application designed with i18n in mind at least has the advantage of being easier to review for security. But in general I see security as orthogonal, or at least parallel to i18n. That is, the security issues in an internationalized application are the same as one that isn't internationalized, except for the expanded data issues and any additional modules or functionality added on to accommodate global requirements. Within the additional modules and functionality, security issues are the same as with any code. It's possible that security holes are opened when code is sent to some 3rd party to be internationalized, which then just adds to the many reasons not to internationalize applications that way.
Andrea
From: Anuj Magazine <amagazine@...>
To: i18n-prog@yahoogroups.com
Sent: Thursday, April 30, 2009 10:01:23 AM
Subject: [i18n-prog] Security considerations for Internationalized applications
Hi all,
I had a question regarding Security considerations for Internationalized applications. In my experience, I have mostly seen an assumption being made that "There is no need to do Security testing for Internalized applications". Probably the primary basis of this assumption is that in a properly internalized software application a single source code is used for all the languages with resource files externalized.
Can anyone share their experiences on Security testing/Security considerations for localized software applications?
Regards,
Anuj