Suppose the app you are working on is specially designed for a customer to meet a particular ‘in-house’ need, such as data processing of payroll information. This application will not be distributed publicly and will reside on internal networks only. (Theoretically the internal network should remain 100% secure.) How much effort should a developer spend on IA in this case? Let's say the database is SQL; would you worry about preventing an SQL injection attack in this situation?
I would love to hear some feedback from developers who work on non-web-centric (I can’t think of a better term right now, though non-web-centric is not completely right. It's more like non-distributed or non-public or something along those lines.) type programs and how much effort they put into security.
As an addendum, how would you justify this need to a manager type?
I am currently doing a case study of the necessity of IA for ‘in house’ software development so any answer would be greatly appreciated.
I tend to take the perspective that no matter what the final use of the product might be, as the application developer I am responsible for ensuring the integrity of the application and its security. This provides two definite benefits:
Regarding #2, if you are working for the company as their developer and information is leaked by an employee using the system then they likely bear liability in that the software is their product. If you are working for a third party that is developing the software to be used by this company then if information is leaked from the company through security holes in your software, any guesses where they’ll turn for answers? Either way, it all comes back to you as the application architect and someone with questions about why the application wasn’t more secure to begin with.
I would suggest that you implement the most rigorous security possible given your constraints and the sensitivity of the data that you’ll be safeguarding. If it's high scores for WoW then I’d worry less than if I were designing an internal application for a bank.
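As an added example (not code from the question or the answer above), here is the payroll lookup the question mentions written both ways, using Python's sqlite3 module and a constructed in-memory table: the string-concatenated version lets any employee who can reach the lookup screen read every row, which is exactly the insider-leak case the answer raises, while the parameterized version returns only the row asked for.

```python
import sqlite3


def build_payroll_db():
    # Constructed sample data for the demonstration; not from the original post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payroll (employee TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO payroll VALUES (?, ?)",
        [("alice", 52000), ("bob", 61000), ("carol", 75000)],
    )
    conn.commit()
    return conn


def lookup_salary_unsafe(conn, employee):
    # Vulnerable: user input is spliced into the SQL text, so whoever types
    # into the lookup field controls the WHERE clause, internal network or not.
    sql = "SELECT employee, salary FROM payroll WHERE employee = '%s'" % employee
    return conn.execute(sql).fetchall()


def lookup_salary_safe(conn, employee):
    # Hardened: the value is bound as a parameter and is never parsed as SQL,
    # so a malformed name simply matches no row.
    sql = "SELECT employee, salary FROM payroll WHERE employee = ?"
    return conn.execute(sql, (employee,)).fetchall()


def demo():
    conn = build_payroll_db()
    normal = "bob"
    # A malformed input of the kind a user of the internal tool might enter.
    malformed = "bob' OR '1'='1"
    return {
        "unsafe_normal": lookup_salary_unsafe(conn, normal),
        "unsafe_malformed": lookup_salary_unsafe(conn, malformed),
        "safe_normal": lookup_salary_safe(conn, normal),
        "safe_malformed": lookup_salary_safe(conn, malformed),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The unsafe lookup with the malformed input returns all three payroll rows; the safe lookup returns none, which is the behaviour you want to be able to show a manager when justifying the extra effort.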