Martin Paulo
Sun, 13 May 2001 14:44:38 -0700
> -----Original Message-----
> From: Mark Derricutt [mailto:[EMAIL PROTECTED]]

[snip]

> Just imagine all those script kiddies who'll have access to your source
> code once they take over and 0wn Borland's services site...

I would be very, very annoyed if 'script kiddies' could break the security of such a site! I would expect a far more serious attack would be needed before the site could be compromised. I would expect the site to have a security team that would monitor access, keep log files, and try to trace back any intrusion to press criminal charges, etc... The good kind of stuff that we should all be doing but can't do properly because most of us work for small companies that don't have the time, expertise and money.

> Do you trust your source code, your "intellectual property" to be secure on
> a system you can't control, nor have physical access to? Somehow I don't
> see a lot of corporates liking that idea.

Whilst I don't control the site, I do check the code out to my local machine and work with it. When I am finished I check it back to the remote server. I retain a full and complete copy on my machine. I don't understand why physical access is needed...

Further, a corporation will have a contract with Borland specifying the level of service being paid for. That contract will have guarantees in it. Should someone else gain unauthorised access to the corporation's source code then Borland will carry the can. For this reason they will throw more resources at security than you or I can, and for this reason I will trust them with my source code. I want to develop code, not be a network policeman!

The act of replying to this has actually firmed up my idea that this type of web service may be the only way that most of us can safely develop software in future. As proof I offer a question faced by Microsoft recently: how do you know that someone has not already accessed your network and changed your source code without your consent? The change might be as subtle as changing a comparison to allow a buffer overrun. Or it might have been as dramatic as a deliberately wrong balance that will affect users of your software at critical instances. I think the honest answer is one based on probability - you probably haven't had an intruder and all the defects in the code are yours.

Having machines connected to the Internet (you are all reading this message, right?) means that you have a front door the whole world can access. In this era of automated attack tools and programs that sniff out known vulnerabilities, how long is it before someone finds that you have left the door open? What will they do when they find that open door? Can you put your hand on your heart and state that your doors are closed? How much time do you spend making sure that your doors are shut? Is it enough?

Enjoy!

Martin

PS: Using Mulberry rather than Outlook is a good start at shutting doors...

[snip]