• scoan (7/30/2015)

    I can imagine us all using candid comments in our code. If we were to add a comment regarding authentication, and if that comment were to consider the ramifications of an intruder surreptitiously accessing this code at this juncture, would we say something like, "Maybe should re-authenticate, but if someone gets here we're f*d anyway"?

    Having developed several systems requiring security over the years, mostly sensitive information having to do with salary and demographics for HR, I find that at some level every system finds itself in a vulnerable state. The question is whether that vulnerability is warranted, not unlike a personal situation with a spouse or significant other or trusted friend or professional counselor. The best I can do as a developer is document very clearly what's at stake if someone accesses this code at that level of privilege. This is kind of a cop-out, but I develop systems; I don't run them; I don't provide insurance against social engineering...

    I'm not sure where you're going with comments here. Allowing internal systems to access each other without some authentication gives a pathway through your system if someone gets to a machine. It's not about being ultra-paranoid, but about following good practices and asking for some authentication where you can. Not setting up internal systems with blank passwords because it's easy.

    Certainly we can't prevent everything, nor should we aim to. However, we can follow secure coding practices whenever we're implementing something and try to limit access.