[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: ??? (was RE: A simple guy with a simple problem)

  • From: "Bullard, Claude L (Len)" <clbullar@i...>
  • To: "Simon St.Laurent" <simonstl@s...>, xml-dev@l...
  • Date: Wed, 14 Mar 2001 15:19:30 -0600

asp ticket
You are right.  He chalks it up to "bad practices". But let's look at what
he says"

Simplify to "deploy and administer":

"Ultimately, Microsoft has lowered the ticket to entry for deploying and
administering e-commerce applications. The result of that is evident: the
industry has people, with fairly limited knowledge/experience with both
security practices and OS platforms, responsible for the design,
development, deployment, and subsequent administration of Microsoft-platform
based online applications.... This is not a Microsoft-driven issue. This
issue is clearly a failure to follow Best Practices in design, deployment,
and subsequent administration of web-based applications."

Programmer does the "simple" thing (XP:  Try something) despite all efforts
to explain the reality or 
requirement of the particular application:

"Best Practices tell us that we do not put core application logic in our
ASP, ASP+, JSP, or otherwise scripting-powerful web code."

Simplify by "lowering the standard" for what turns out to be complex task,
"not a bad thing" but....:

"I think it's pretty clear that this is not Microsoft's fault. They did
their part: vulnerabilities were discovered, and they responded quickly with
patches. If Microsoft is to be held accountable, it's for lowering the
standard required to deploy and manage distributed applications. And that,
in and of itself, is not a bad thing. ... 

Again,everyone is daring to do less:

"This is quite obviously a case of lack of security administration, and
poorly designed applications."

Is it a "metaphor"?  Call it a cautionary tale on daring to do less, 
and having your customer hand your head to you.

Question for you: Do you ever get a requirement that requires all system
operations 
to return in under 3 seconds and the operational reliability to be 99.99% of
the 
time 24/7?  Do we?  

Everyday, everytime, in every proposal.

Len 
http://www.mp3.com/LenBullard

Ekam sat.h, Vipraah bahudhaa vadanti.
Daamyata. Datta. Dayadhvam.h


-----Original Message-----
From: Simon St.Laurent [mailto:simonstl@s...]


I don't think that article says what you're claiming it says.  Security 
adminstrators doing a crappy job doesn't strike me as "the simple 
approach", and all of the conclusions read "Failure to follow Best 
Practices", not "Architects made core technology too simple".

Nor am I convinced that security examples are great metaphors for XML work.

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.