Bob Sneidar wrote:

> I was a big believer that SSL was never going to be compromised… until
> it was. The retooling of industry security standards over the last 6
> years or so has taught me the opposite: NEVER rely on out of the box
> security if you can help it.

After acknowledging how bugs can creep into even widely-used and critical code, do you really want to try to outdo hundreds of security specialists single-handedly?

Heartbleed is an excellent case in point, as the maintainer was a single person, and though the code was open, everyone using it just took it for granted. The amazing thing is that nothing worse happened - that one fella was pretty good, just one single error added during an uncommonly hectic day. After that there are now two assigned maintainers, and a large number of code reviews with every build from staff in orgs dependent on it.

I hold no security certifications. But I pass along the rubric of "never write your own security" from literally everyone I know who does.

Your code, your call, of course.


> Asking a web server to get data and return it introduces a lag time
> which I am already struggling with.

What is the lag time of an already-resident Apache process (or Lighttpd, or Nginx) in compiled object code optimized for that one task by specialists, vs a scripted implementation in LiveCode?

Might be worth measuring before replicating.


> And if I DID use a web server, I would still have to go through
> extraordinary measures to secure THAT!

What steps are needed to secure a standard web server that are not needed for equivalent security in a custom server?


I'm not arguing here. Heck, I sometimes even write my own database engines, so I'm certainly not trying to talk you out of having a good time scripting. But the older I get the more I like to have my fun where the fun happens, in the business logic of the system I'm delivering, rather than reinventing generic infrastructure.

--
 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web
 ____________________________________________________________________
 ambassa...@fourthworld.com                http://www.FourthWorld.com


_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com