> -----Original Message-----
> From: Mark Derricutt [mailto:[EMAIL PROTECTED]]
[snip]
> Just imagine all those script kiddies who'll have access to
> your source
> code once they take over and 0wn Borland's services site...
I would be very, very annoyed if 'script kiddies' could break the security
of such a site! I would expect a far more serious attack would be needed
before the site could be compromised. I would expect the site to have a
security team that would monitor access, keep log files, and try to trace
back any intrusion to press criminal charges. etc... The good kind of stuff
that we should all be doing but can't do properly because most of us work
for small companies that don't have the time, expertise and money.
> Do you trust your source code, your "intellectual property"
> to be secure on
> a system you can't control, nor have physical access to?
> Somehow I don't
> see a lot of corporates liking that idea.
Whilst I don't control the site, I do check the code out to my local machine
and work with it. When I am finished I check it back to the remote server. I
retain a full and complete copy on my machine. I don't understand why
physical access is needed...
Further, a corporation will have a contract with Borland specifying the
level of service being paid for. That contract will have guarantees in it.
Should someone else gain unauthorised access to the corporations source code
then Borland will carry the can. For this reason they will throw more
resources at security than you or I can, and for this reason I will trust
them with my source code. I want to develop code, not be a network
policeman!
The act of replying to this has actually firmed up my idea that this type of
web service may be the only way that most of us can safely develop software
in future.
As proof I offer a question faced by Microsoft recently: how do you know
that someone has not already accessed your network and changed your source
code without your consent? The change might be as subtle as changing a
comparison to allow a buffer overrun. Or it might have been as dramatic as a
deliberately wrong balance that will affect users of your software at
critical instances.
I think the honest answer is one based one probability - you probably
haven't had an intruder and all the defects in the code are yours. Having
machines connected to the Internet (you are all reading this message,
right?) means that you have a front door the whole world can access. In this
era of automated attack tools and programs that sniff out known
vulnerabilities, how long is it before someone finds that you have left the
door open? What will they do when they find that open door? Can you put your
hand on your hart and state that your doors are closed? How much time do you
spend making sure that your doors are shut? Is it enough?
Enjoy!
Martin
PS: Using Mulberry rather than Outlook is a good start at shutting doors...
[snip]
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
To UnSub, send email to: [EMAIL PROTECTED]
with body of "unsubscribe delphi"
