Paul:
"But the whole point of web services was that we would put services on
the public Web as we put websites on the public Web."
http://www.prescod.net/rest/security.html
Be sure that only idiots would expose their non-trivial business documents to
"the Web" through any kind of interface. Nothing gives a competitor such advantages as
to be able to see this stuff. That is why contracts for proposal responses include language
about the public dissemination of the documents submitted.
Again, the NRC is pulling down drawings, DoD is shutting down sites and purging material, the
Interior folks turned off their web sites altogether (may be back up, haven't checked). This
is the idiocy of "The Web": "good for my career to be exposed". That is why I get riled;
I've seen a lot of serious stupid out of "The Web" supporters. "information wants to be FREEE!"
Now step back from the "idiots" who bought the story Tim Berners-Lee sold them, and take a look
at how serious business professionals design software. They use requirements derived from contracts
derived from proposals sent in response to requests. Nowhere in there is security deprecated
or overlooked. We have whole sections of responses dedicated to security. We will not expose
objects to the web that expose security holes. We are much more likely to partition the web
away from vital assets and use proper and well-understood techniques of dissemination management.
That said, RPCs for intranet and URIs for extranet are just fine. The Network Is NOT the Computer.
Using services at the public level will require intense scrutiny. If your managers are idiots,
they may let you do things that are stupid, just as the NRC, DoD, and others did with URLs.
len