On 11/13/08, Profox <[EMAIL PROTECTED]> wrote:
> And web app's are secure why ? or was that a joke too :)
"Security" isn't a feature or a checkbox that's on or off. It's a
process. And there's lots of ways to screw it up on all kinds of
installations.
There's "secure against code theft" and there's "secure against misuse
of services" and there's "secure against information disclosure" that
are all different though related concerns. This thread started out
talking about the first one.
It does depend on what you're selling. Web apps tend to have different
issues. If you provide a web site for your clients to use ("Software
As A Service" or SaaS, formerly Application Service Provider or ASP),
then your risk of revealing application code can be limited. Usually,
you don't have to distribute your source code with your web apps
(although AJAX et al are changing this rule.) "View Source" doesn't
view the web app source code, only the web client.
On the other hand, if you sell your clients an application to install
on their servers, then they have the object code to examine.
--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
