[Info-vax] BridgeWorks
Dave Froble
davef at tsoft-inc.com
Tue Jul 23 15:08:19 EDT 2024
On 7/22/2024 1:47 PM, Simon Clubley wrote:
> On 2024-07-22, Dave Froble <davef at tsoft-inc.com> wrote:
>>
>> I would not consider SSL, TLS, MD5, Sha-1, and such applications. They are more
>> environment protection, the way I see it. And you are correct, some no longer
>> protect the environment for the real apps.
>>
>> Please explain to me how an application, for example an inventory application
>> that tracks on hand product, would ever be involved in security? It is the
>> environment that must provide the security, and the apps the actual work.
>> Things get a bit grey when an application communicates outside the environment,
>> but even then, it is the available security that is used, not the apps.
>>
>> So, your comments are not relevant to whether or not the apps written in say VB6
>> need support, at least from a security perspective.
>>
>
> Actually, they very well could be.
>
> One simple example would be that a new form of injection attack is
> discovered and it is discovered the old applications do not handle
> it correctly. In addition, and making the problem far worse, the
> problem may not be in the application code itself, but in one of
> the language libraries that the application uses.
Ah, Simon, how does any of what you mention get through a secure environment,
and if it cannot, what does anything matter to what is behind that secure
environment.
The real question: is the environment secure?
If the environment is not secure, what difference is there about whether the app
implementation is supported, whatever that means?
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
More information about the Info-vax
mailing list