From the course: Threat Modeling: Tampering in Depth

Permissions

- [Instructor] Sometimes you don't have a permission system. If I have a USB stick in one computer, I can move it to a new system and change the files on it, and so whoever has physical possession can tamper with the files. Now, if we want to think about permissions, we should also think a little bit about spoofing. If I give Andrew permission to edit the script to this course, I have to make sure I'm giving that permission to the right Andrew. Failures might feel like a spoofing problem, but they can allow tampering. You might have set a file to be world-writable accidentally because, let's face it, managing permissions is hard. You might have set up the file so there's an access token like a link and anyone with the link can edit the file. Actually, if the link looks like that, there's other problems. I might give an app access to my documents to help me look for readability concerns or places where I'm not focused on…
