From the tone of the memo, my guess is that someone rolled out of bed one
day and suspected that their internal network was pretty much open to the
public.  So they brought in security consultants who have erected a firewall
and placed publicly accessible servers in a DMZ (pretty standard network
security stuff).  In the process, the consultants, who may have it in their
minds that CF is insecure (or, more likely, who sell BroadVision consulting)
have also talked some clueless company manager into migrating everything
done in CF into another language.  Now the company has to sell this decision
based on the security angle.  The same crap happens in companies with 50
people as happens in those with 50,000.  In a year or two, there will be a
different pointy-haired VP in charge of technology and the company will
spend millions migrating to yet another platform.

The memo doesn't appear to address purely internal applications, but who
knows what their policy will be.

Jim


----- Original Message -----
From: "Michael Vinson" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, September 23, 2001 9:04 PM
Subject: once upon a time...


> .. a large hypothetical company in a hypothetical land on an imaginary
> planet issued the following memo...
>
> [begin hypothetical quote]
> What is a Control Environment and DMZ?
> Many of you have received a number of internal memos on the importance
> of a "control environment." This environment encompasses all elements of
> controlling business processes to assure integrity of our information
> and protection of our financial, physical and intellectual assets.
>
> In an effort to alleviate the potential risk of breaches to our network
> from the Internet, an enhanced Demilitarized Zone (DMZ) is being
> developed as part of our control environment. The DMZ enables a company
> to offer secured services for a public Internet presence without
> compromising its internal network, data, servers and systems. One
> component of a DMZ involves the use of firewalls that allow specific
> communications protocols to pass through its ports.
>
> As part of our DMZ control environment, all protocols utilized by
> specific application software will be tested and certified.
>
> How does Macromedia ColdFusion impact me?
> Macromedia ColdFusion is a web application server and programming
> framework that allows developers to create dynamic web-based
> applications with database connectivity.
>
> Although temporary use of Macromedia ColdFusion has been approved for
> existing systems within the DMZ, it has been proven to be a less secure
> environment under the company's protocol certification process.
>
> Beginning immediately, all new application development will require the
> use of certified software such as BroadVision. Pre-existing applications
> developed using ColdFusion will also require migration to certified
> development software by September 30, 2002.
> [end quote]
>
> .. a couple of comments/questions/thoughts for the list...
> • Is this double-speak? Are they saying no CF for public consumption
> (internet) or no CF at all?
> • The so-called 'dmz' is a farm of unix boxes/firewalls/security
> tools/etc.
> • It strikes me that many people on this list are building "business"
> applications for "large" organizations... What kind of management edicts
> are you dealing with, if any?
> • Anyone working with BroadVision? Any truth to rumours of BroadVision
> closing up shop?
>
> Thanks, Mike