security advice

Chris Muller chris at funkyobjects.org
Thu Nov 10 21:13:37 UTC 2005


Thanks for the feedback.  Certainly, if performance is significantly affected
then that will be a major factor in the decisions.  But, I will note that
having already run my benchmarks with capability-verification enabled for a
local server has had NO EFFECT on performance.  Local is how most of the web
servers will be running, so I should have asked for your feedback with the
stipulation, "assuming no effect on performance," where should transparency be
balanced against security..?

> I'm not even sure it'd be nice to have security in Magma, and if
> so - please make it optional.

As long as you have the same transparency you have now and the same speed you
have now, why wouldn't it be nice to have security?  

> Now, that's the sort of stuff that makes me cringe. Crippling local
> network speed by encrypting everything. It's still hard for a CPU to
> saturate network bandwidth on an encrypted link, and for
> high-performance applications can well do without that burden.

I have worked hard to make Magma perform reasonably.  Rest assured, I'm not
about to throw that out the window in the name of mandatory security.

> But what's the idea of exposing a database to the internet anyway? I
> really can't think of a reason. I'd never in my life do it.

A Maui interface to the Nags domain could be built in half the time it took to
do the Seaside interface, and I get to stay in Squeak to use it (ok, so could
you if you want to use Scamper).  By using a remote connection to Magma and
opening a port to the Net, you can support web and Maui users simultaneously. 
Not only that, Maui users can customize their UIs to their personal taste and
choose to share them or not with others very easily..

Magma is not just about having centralized repositories behind "applications". 
It's also about using personal repositories to share objects with others.
 
> This sort of stuff does not, IMNSHO, belong in a persistence engine.
> Not even an object persistence engine. Persistent objects don't
> usually form the application layer.

I'm not sure I understand.  I think you *need* security in the db.  If an
attacker gains access to your db files then you become another story like we've
been hearing from companies in the US lately, that had their customer personal
information compromised in some way..  This cannot happen (hopefully) with what
I'm doing with Magma, the only sensitive information ever exposed is in
object-memory.

Three-tier is fine for corporate / web.  IMO two-tier is better for personal /
distributed objects.

> But then, prove me wrong. I liked to be proven wrong if it makes 
> life simpler for me ;)

Me too, and there's no ego.  I want to learn here, not "prove someone wrong"..

Cheers,
  Chris


