Munging URLs provides little, if any, benefit for web apps.

----- Original Message -----
From: "Heald, Tim" <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 1:34 pm
Subject: RE: Securing CF Apps.

> Good post man, and you're right, for the most part the applications I am
> talking about are not available over the internet, or only through VPN or
> other methods.
>
> Like I said earlier, for public sites you are going to use very different
> resources than you will use on a closed/classified application. However,
> the topic was securing CF apps, not sites :) It can be difficult for some
> to differentiate between an application and a site.
>
> --
> Timothy Heald
> Web Portfolio Manager
> Overseas Security Advisory Council
> U.S. Department of State
> 571.345.2319
>
> The opinions expressed here do not necessarily reflect those of the U.S.
> Department of State or any affiliated organization(s). Nor have these
> opinions been approved or sanctioned by these organizations. This e-mail is
> unclassified based on the definitions in E.O. 12958.
>
> -----Original Message-----
> From: Ian Skinner [EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 3:19 PM
> To: CF-Talk
> Subject: RE: Securing CF Apps.
>
>
> I see this as a sliding scale, security vs user experience.
>
>
> There's the general public website where the owners want as much exposure
> as possible. For this type of application you may not want security to the
> nth degree. As was just posted, allowing the user to bookmark pages and/or
> directly type URLs is desirable for the purpose of that application.
>
>
> On the other hand, there are applications where this is undesirable. I
> suspect that applications Tim is writing are even available to the general
> public at all, and if you are even seeing the page in a browser if you are
> not supposed to be, you have hacked through several layers of security
> already.
>
>
> We write applications somewhat in the middle. There are parts of our data
> that we DO NOT WANT to be exposed to any more risk than we can, very
> sensitive HIPAA data. We are taking at least a year to thoroughly test our
> first application that will allow very limited access to users to their
> personal data directly through the internet.
>
>
> So it all comes down to the analysis that has been mentioned. You need to
> decide on the purpose of the application, what its security needs are, and
> build to that level.
>
>
> My .02, keep the change.
> --------------
> Ian Skinner
> Web Programmer
> BloodSource
> www.BloodSource.org
> Sacramento, CA
>
> "C code. C code run. Run code run. Please!"
>     - Cynthia Dunning