On Mon, 12 Nov 2001, Mike Carlson wrote: > For a developer having to write 600 lines of code to make sure > everything is set right before launching the form would be an enormous > amount of work compared to editing a key to allow .exe files to show up. > Granted that may be the more secure way of doing things, but then people > may not want to develop for that platform. > > Microsoft made a lot of money off Windows and Office being extremely > easy to develop for and use. With that there is security risks.
I think you make a good point. What may have been a good approach in the short term (very easy to work with, but insecure) is not so good in the long term (it is still insecure, leading to many upset customers). I wonder, what happens next? Microsoft has said they will be moving to make things more secure. Assuming they follow through, does that mean people will move away to easier-but-less-secure platforms, restarting a cycle? Or will it mean security becomes a fundamental for Windows/Office programming (which, I would argue, it should be)? Would people still like Exchange so much, if it was more secure but less convenient? I know *I* certainly would, but I'm not an Exchange programmer. I wonder, how hard would it be to design a model that is secure by default, but easily opens up access to software with the proper authorizations? I suspect that would require moving most of the scripting intelligence into the server, where it can be protected better. Anyone here who knows more about Exchange programming than I (i.e., just about anyone) have any comments on that? -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
