RSS FeedBlogs
RSS FeedSubscribe to this blog
About Author
Forrester Analysts

Forrester Research is a technology and market research company that provides pragmatic advice to global leaders in business and technology.



Goodbye privacy: Conventional security can be neutered by a careless programmer

Tell me about your testing processes

Article comments

More and more data is stored online by both consumers and businesses. The convenience of using services such as Dropbox, Box, Google Drive, Microsoft Live Skydrive, and SugarSync is indisputable. But, is it safe?

All of the services certainly require a user password to access folders and some of the services even encrypt the stored files. Dropbox reassures customers, "Other Dropbox users can't see your private files in Dropbox unless you deliberately invite them or put them in your Public folder."

The security measures employed by these file syncing and sharing services are all well and good, but they can be instantly, innocently neutered by a distracted programmer. Goodbye privacy. All your personal files, customer lists, business plans, and top secret products designs become available for all the world to see. How can this happen even though these services use sophisticated authentication and encryption technologies? The answer: a careless bug introduced in the code.

Below is some Java code I wrote for a fictitious file sharing service called CloudCabinet to demonstrate how this can happen. Imagine a distracted programmer texting her girlfriend on her iPhone while cutting and pasting Java code. Even non-Java programmers should be able to find the error in the code below.

Fortunately (and hopefully) mature application development teams have rigorous testing processes that find security holes before devastating code like this makes it into production. If, as SugarSync says, "Your peace of mind and the security of your files are our top priority." then don't just tell me about your authentication and encryption for file access, transfer, and storage. Tell me how your testing processes will catch coding errors that could compromise security of my files.

Posted by Mike Gualtieri

Application Development, Cloud Drive, Software testing, Testing, programming, security


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *