I cannot agree with you more, Andrea.
To me i18n and security are indeed 2 orthogonal aspects of an application.
Regards,
Sourav
From: i18n-prog@yahoogroups.com
To: i18n-prog@yahoogroups.com
Sent: Fri Jun 05 14:39:25 2009
Subject: Re: [i18n-prog] Security considerations for Internationalized applications
OK, I'll bite.
There are a few security aspects specific to i18n, most notably in the expanded encoding acceptance. The difficult security issues seem to be related more to the overall structure of the code. An application designed with i18n in mind at least has the advantage of being easier to review for security. But in general I see security as orthogonal, or at least parallel to i18n. That is, the security issues in an internationalized application are the same as one that isn't internationalized, except for the expanded data issues and any additional modules or functionality added on to accommodate global requirements. Within the additional modules and functionality, security issues are the same as with any code. It's possible that security holes are opened when code is sent to some 3rd party to be internationalized, which then just adds to the many reasons not to internationalize applications that way.
Andrea
From: Anuj Magazine <amagazine@gmail.
To: i18n-prog@yahoogrou
Sent: Thursday, April 30, 2009 10:01:23 AM
Subject: [i18n-prog] Security considerations for Internationalized applications
Hi all,
I had a question regarding Security considerations for Internationalized applications. In my experience, I have mostly seen an assumption being made that "There is no need to do Security testing for Internalized applications". Probably the primary basis of this assumption is that in a properly internalized software application a single source code is used for all the languages with resource files externalized.
Can anyone share their experiences on Security testing/Security considerations for localized software applications?
Regards,
Anuj