security advice
Cees De Groot
cdegroot at gmail.com
Thu Nov 10 21:44:00 UTC 2005
On 11/10/05, Chris Muller <chris at funkyobjects.org> wrote:
> As long as you have the same transparency you have now and the same speed you
> have now, why wouldn't it be nice to have security?
>
Err.. transparency means I can access everything. Where's the security, then?
> I have worked hard to make Magma perform reasonably. Rest assured, I'm not
> about to throw that out the window in the name of mandatory security.
>
Good :)
> A Maui interface to the Nags domain could be built in half the time it took to
> do the Seaside interface, [...]
Is that a challenge? ;) Anyway, Nags' interface is almost empty, most
of the coding time went to developing generic
develop-apps-quickly-stuff.
> I'm not sure I understand. I think you *need* security in the db. If an
> attacker gains access to your db files then you become another story like we've
> been hearing from companies in the US lately, that had their customer personal
> information compromised in some way..
If an attacker gets access to the db files, you're hosed anyway. And
bad security will always happen - I bet that the companies that
screwed up had databases with built-in security ;).
I happily ran VW+OmniBase to support a business for years. We were
security conscious; if you compartmentalize your network well enough
the difference between
internet|firewall|webserver|firewall|appserver|firewall|dbserver or
internet|firewall|webserver|firewall|appserver+persistence isn't too
bad.
> Three-tier is fine for corporate / web. IMO two-tier is better for personal /
> distributed objects.
>
Agree there.
Summary: at the moment, I'm looking at Magma as a persistence engine
below Squeak. And I like it. For *my* purposes, I don't really need
security - yet. So I hope that whatever you cook up, doesn't interfere
:)
At the same time, I'm interested in where you take this. So I'll shut
up for now, lest you start taking my advice...