[Biojava-dev] biojava / Security

Schreiber, Mark mark.schreiber at agresearch.co.nz
Sun Jul 27 21:50:40 EDT 2003


Hi -
 
Just to add to what the others have said, if you are afraid of data leaking out of your intranet you could use an authenticating firewall (you probably do already), one that requires a user name and password for every external connection. This will block almost anything leaking out unless someone can determine your user name and password. 
 
They can also be a real pain when you want to make an external connection but once you have sorted out the protocol its not too bad.
 
The biggest "danger" from something like biojava is an innocent bug. To spot these before they become a problem you can use unit testing and logging to spot where your expected results are diverging from your actual results. Unit tests and logging are good software development proceedure (esp in a big group).
 
- Mark
 
 
-----Original Message----- 
From: Warth,Rainer,LAUSANNE,NRC/BAS [mailto:rainer.warth at rdls.nestle.com] 
Sent: Sat 26/07/2003 4:06 a.m. 
To: 'biojava-dev at biojava.org' 
Cc: 
Subject: [Biojava-dev] biojava / Security



	Hi,
	   biojava has probably became an import part of our daily work and we would
	not like to miss it. However, I was just recently asked within the company,
	what would be the security risk by using software from a public project such
	as biojava. Could it be possible that sombebody submits undesired code into
	the biojava package, which would end up on my machine and cause harm to our
	intranet.
	   Does anybody has some suggestions where to learn more about this type of
	problem ? Maybe somebody can propose a good strategy to protect againt this
	type of security risk ?
	
	Best, Rainer
	
	Dr. Rainer Warth
	Research Scientist Bioinformatics
	
	Nestle Research Center
	NESTEC LTD.
	Vers-Chez-LES-BLANC     phone: +41/21 785 87 13
	1000 LAUSANNE 26          FAX: +41/21 785 89 25
	SWITZERLAND            e-mail: rainer.warth at rdls.nestle.com
	
	_______________________________________________
	biojava-dev mailing list
	biojava-dev at biojava.org
	http://biojava.org/mailman/listinfo/biojava-dev
	


=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
=======================================================================



More information about the biojava-dev mailing list