> I totally get that point. And I'll concede that MSDE may be > installed without your direct knowledge, though the lists > I've seen of apps that install MSDE are overwhelmingly > enterprise/admin apps (and thus would be installed either in > a corporate environment with security/network professionals, > right?)
Lots of things get installed in environments without security/network professionals. I mean, Visio, for crying out loud? > The onus of responsibility has to be shared in any nontrivial > application between the creators and the implementors. > Unfortunately for the creators of apps based on MSDE, there > was a flaw in one of their components (MSDE) that they had no > direct control over. This happens -- and is endemic to every > level of the software stack -- so implementors need > unfortunately need to take proactive steps to mitigate risk. This is simply not correct with regard to MSDE. You can configure many aspects of how MSDE is installed when it's bundled with another application, such as which network protocols are used, which ports are used, what kind of authentication is used, and so on. For example, if you plan to use it with your bundled application, why listen on TCP/IP at all unless your application is incapable of using Named Pipes or Shared Memory? You seem too quick to absolve blame in the group of people who can most easily mitigate these sorts of problems, and equally quick to assign it to the group least able to protect themselves. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197005 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
