Subject | RE: [IB-Architect] Messaging API |
---|---|
Author | David Schnepper |
Post date | 2000-05-18T15:57:15Z |
--------------
I have to most, most seriously disagree with you. Since message is a
tool for the programmer to use as necessary, it is the responsibility of
the programmer to use is wisely. Nothing in the proposed design
requires that meaningful data needs to be part of the message (as I said
in a previous posting). The tools provide for the programmer to be as
secure or unsecure as necessary, at their risk.
-------------
I think this is refering to yesterday's idea that it was the application
programers responsibility to encrypt information put onto the
message stream (for security).
Carrying this concept a little further would lead us to conclude
that the application programer should encrypt information put into
tables -- and have no need for the SQL security model.
There is always a balacing act between "security" and "difficulty".
If it's difficult, many programmers won't think about security until
it's too late.
SQL already has a built-in security model.
InterBase does not have any form of built-in encryption model.
Yes, I agree that it's the application programmer's duty to design
a security system for his application. As a database system,
it's InterBase's responsibility to make it easy to design &
implement a security system.
(It's a GOOD sign that we are discussing this as part of the
brainstorming about Messaging!)
Dave
------------------------------------------------------------------------
IT Professionals: Match your unique skills with the best IT projects at
http://click.egroups.com/1/3381/4/_/830676/_/958661925/
------------------------------------------------------------------------
To unsubscribe from this group, send an email to:
IB-Architect-unsubscribe@onelist.com
I have to most, most seriously disagree with you. Since message is a
tool for the programmer to use as necessary, it is the responsibility of
the programmer to use is wisely. Nothing in the proposed design
requires that meaningful data needs to be part of the message (as I said
in a previous posting). The tools provide for the programmer to be as
secure or unsecure as necessary, at their risk.
-------------
I think this is refering to yesterday's idea that it was the application
programers responsibility to encrypt information put onto the
message stream (for security).
Carrying this concept a little further would lead us to conclude
that the application programer should encrypt information put into
tables -- and have no need for the SQL security model.
There is always a balacing act between "security" and "difficulty".
If it's difficult, many programmers won't think about security until
it's too late.
SQL already has a built-in security model.
InterBase does not have any form of built-in encryption model.
Yes, I agree that it's the application programmer's duty to design
a security system for his application. As a database system,
it's InterBase's responsibility to make it easy to design &
implement a security system.
(It's a GOOD sign that we are discussing this as part of the
brainstorming about Messaging!)
Dave
------------------------------------------------------------------------
IT Professionals: Match your unique skills with the best IT projects at
http://click.egroups.com/1/3381/4/_/830676/_/958661925/
------------------------------------------------------------------------
To unsubscribe from this group, send an email to:
IB-Architect-unsubscribe@onelist.com