874
edits
Labs/Jetpack/Security Requirements: Difference between revisions
Labs/Jetpack/Security Requirements (view source)
Revision as of 17:53, 28 August 2009
, 28 August 2009added more
m (rewording) |
(added more) |
||
| Line 5: | Line 5: | ||
* '''Simple Things Stay Simple'''. The target audience for Jetpack is the amateur developer, not a professional. Examples laid out in the Jetpack tutorial should still work fine even when security is in place. | * '''Simple Things Stay Simple'''. The target audience for Jetpack is the amateur developer, not a professional. Examples laid out in the Jetpack tutorial should still work fine even when security is in place. | ||
:::This means, for instance, that it may be better to infer the capabilities that a program requires—at least in the simple cases—rather than force the developer to create a security manifest. | :::This means, for instance, that it may be better to use static analysis or symbolic execution to infer the capabilities that a program requires—at least in the simple cases—rather than force the developer to create a security manifest. | ||
:::It should be noted that more complex functionality, such as modules, may have a slightly higher barrier to entry because their security characteristics are necessarily more complex. | :::It should be noted that more complex functionality, such as modules, may have a slightly higher barrier to entry because their security characteristics are necessarily more complex. | ||