DEV Community

Discussion on: Four Security Principles That Software Developers Should Follow

Collapse
 
jroper profile image
James Roper

But that's just more dogma too. Don't get me wrong, the principle of Least Privilege is a fantastic security tool, but it comes a cost, and sometimes what you're protecting just isn't worth that cost. For example, I run my own server which handles my mail and runs my blog, and I also run an always connected IRC client through screen on it. Principle of Least Privilege would say that I should use a different user account that doesn't have the ability to admin my web and mail server for running my IRC client. But I don't, because the value of my mail and web server isn't that high, not high enough to outweigh the cost of managing multiple use accounts and SSH keys for logging in to the one server. That's a pragmatic decision I've made after understanding the threats.