talking about are not available over the internet, or only through VPN or
other methods.
Like I said earlier, for public sites you are going to use very different
resources than you will use on a closed/classified application.
However the topic was securing CF apps. Not sites :) it can be difficult
for some to differentiate between an application and a site.
--
Timothy Heald
Web Portfolio Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319
The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s). Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.
-----Original Message-----
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:19 PM
To: CF-Talk
Subject: RE: Securing CF Apps.
I see this as a sliding scale, security vs user experience.
There's the general public website where the the owners want as much
exposure as possible. For this type of application you may not want
security to the nth degree. As was just posted, allowing the user to
bookmark pages and/or directly type url's is desirable for the purpose of
that application.
On the other hand, there are applications where this is undesirable. I
suspect that applications Tim is writing are even available to the general
public at all, and if you are even seeing the page in a browser if you are
not supposed to be, you have hacked through several layers of security
already.
We write applications somewhat in the middle. There are parts of our data
that we DO NOT WANT to exposed to any more risk then we can, very sensitive
HIPPA data. We are taking at least a year to thoroughly test our first
application that will allow a very limited access to users to their personal
data directly through the internet.
So it all comes down to the analysis that has been mentioned. You need to
decided on the purpose of the application, what are it's security needs and
build to that level.
My .02, keep the change.
--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA
"C code. C code run. Run code run. Please!"
- Cynthia Dunning
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
