[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: ??? (was RE: A simple guy with a simple problem)
You are right. He chalks it up to "bad practices". But let's look at what he says" Simplify to "deploy and administer": "Ultimately, Microsoft has lowered the ticket to entry for deploying and administering e-commerce applications. The result of that is evident: the industry has people, with fairly limited knowledge/experience with both security practices and OS platforms, responsible for the design, development, deployment, and subsequent administration of Microsoft-platform based online applications.... This is not a Microsoft-driven issue. This issue is clearly a failure to follow Best Practices in design, deployment, and subsequent administration of web-based applications." Programmer does the "simple" thing (XP: Try something) despite all efforts to explain the reality or requirement of the particular application: "Best Practices tell us that we do not put core application logic in our ASP, ASP+, JSP, or otherwise scripting-powerful web code." Simplify by "lowering the standard" for what turns out to be complex task, "not a bad thing" but....: "I think it's pretty clear that this is not Microsoft's fault. They did their part: vulnerabilities were discovered, and they responded quickly with patches. If Microsoft is to be held accountable, it's for lowering the standard required to deploy and manage distributed applications. And that, in and of itself, is not a bad thing. ... Again,everyone is daring to do less: "This is quite obviously a case of lack of security administration, and poorly designed applications." Is it a "metaphor"? Call it a cautionary tale on daring to do less, and having your customer hand your head to you. Question for you: Do you ever get a requirement that requires all system operations to return in under 3 seconds and the operational reliability to be 99.99% of the time 24/7? Do we? Everyday, everytime, in every proposal. Len http://www.mp3.com/LenBullard Ekam sat.h, Vipraah bahudhaa vadanti. Daamyata. Datta. Dayadhvam.h -----Original Message----- From: Simon St.Laurent [mailto:simonstl@s...] I don't think that article says what you're claiming it says. Security adminstrators doing a crappy job doesn't strike me as "the simple approach", and all of the conclusions read "Failure to follow Best Practices", not "Architects made core technology too simple". Nor am I convinced that security examples are great metaphors for XML work.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|