Notes on tech

Any web application worth its salt, would have lots of user data that is sensitive in nature. For user data to be sensitive, it doesnt always have to be something about social security or medical records. Even, simple user event logging can be sensitive data because that reveals a pattern that can be mined later on.

Guarding this data from the eyes/hands of crackers or script kiddies is very crucial. Since past 3-4 days, I have been working on strengthening the security of FooBar Search Alerts. There are various aspects of security that can be scrutinized. Currently, I am working on making sure that the front-end (ala, webpages that help you to create, cancel, view the status of alerts etc) is secure.

Does security always need to implemented in an intimidating manner? Take for example, the the banking institutions in India. They have gun totting security guards standing outside the banks. The banks in US just have high tech gadgetery like security cameras in place. The security cameras dont stop thievery, they merely take a video recording of any activity and then have the law enforcement take care of the rest. I am taking a similar approach on FooBar Search Alerts. The interface is simplistic and clean, the security is implemented behind the scenes. Any untoward activity is either logged or immediately dealt with depending upon the severity.