undefined | Better HN

0 pointsresfirestar5y ago0 comments

Even if there was clear evidence that this system underwent a proper security audit, with a failure this basic you would have to ask why it didn't work. What is going on inside Apple that brought them to the point of releasing a lock that simply opens with any key, despite the efforts of their state of the art lock design process and qualified lock auditors?

0 comments

Areading3145y ago

Writing some test cases for "can anyone generate a valid token" or "does an invalid token allow access" should be the first thing to do when writing an auth system.

thephyber5y ago

Your test cases make sense, but they ignore an obvious hypothetical possibility: The OIDC implementation was a well-tested core feature (with the tests that you mention), but the email proxy feature was a bolt on that was somehow not considered risky (so it could easily have bypassed a full, renewed security audit).

Also, it's not sufficient to "have a test case". The intent and the implementation must be coherent.

j / k navigate · click thread line to collapse

0 pointsresfirestar5y ago0 comments

0 comments

Areading3145y ago

Writing some test cases for "can anyone generate a valid token" or "does an invalid token allow access" should be the first thing to do when writing an auth system.

thephyber5y ago

Also, it's not sufficient to "have a test case". The intent and the implementation must be coherent.

j / k navigate · click thread line to collapse