Patrick Toomey

How NOT to Build Your Client-server Security Architecture

It is funny how true the quote “Those who cannot remember the past are condemned to repeat it” is. There was a time when many developers were building client-server thick clients, as browsers were still nascent or didn’t exist at all. Many, though I hesitate to say most, even learned some design idioms related to securing client-server apps. We then moved on to the world of web applications, which are themselves a similar client-server architecture. But I think enough time has passed that many who grew up in the world of web-based client-server applications are bound to repeat the mistakes of old when it comes to developing thick clients. I can’t recall the last time I assessed a thick client application that didn’t suffer from some egregious design flaw that would never have been considered if it had been a web-based application. Take a look at my latest blog post for the specifics.