re: Four Security Principles That Software Developers Should Follow VIEW POST

re: Give your users, services, etc. the least amount of privileges necessary to function and no more. For example, I recently watched a security video ...

πŸ‘ Thanks for providing the explanation Kasey, was in a meeting before, so didn't have time to respond.

For reference, I came across this in 2014 while working on Identity Access Management (IAM) for a bunch of SharePoint applications that were using WS-Federation, SAML etc. Although the code is generally related to C#, this was a great blog I used at the time,

Dominick Baier, the author of this blog, is well versed in IAM, specifically on the .NET platform. If you're in that ecosystem, you should check out,

We use IdentityServer for one of our systems, actually.

Our client ended up going with commercial software. We set them up with Optimal IdM. Great product and support. We needed an on premise solution, so it fit their needs. The virtual feature allowed us to expose all the clients' user stores as one.

Ah that all makes a lot of sense. We've recently gone through a process of doing that at work.

@robdwaller , here's a real world example that occurred yesterday.

Why people run npm with sudo makes no sense to me as you don't need to.

In this particular case, by giving npm too much privilege, it wreaked havoc on Linux file systems, Show-stopping bug appears in npm Node.js package manager | ZDNet.

Had npm been run with a non-root user (least privilege), this would not have happened. The issue has since been fixed with a patch.

I have to admit I hate NPM. I've scrapped entire boxes and started over because I've messed up an NPM install. It always feels more like sorcery than actual Dev ops. Always advise developers to be careful with Node and NPM.

code of conduct - report abuse