question on security scanning
- Subject: question on security scanning
- From: TW <email@hidden>
- Date: Thu, 26 Feb 2009 11:52:03 -0800
All:
I just had a meeting regarding one of my apps today with some central
IT types at our university. One of the questions that was asked of me
(for the first time actually) was whether I had run a security scanner
to test the application. While I'm not so naive as to think there can't
be any security issues, I had always felt that the many levels of
abstraction in WO/EOF naturally insulated me from some of these
considerations.
For background, this central IT group is heavily Microsoft-leaning -
so they kind of live in a different world where security is concerned
and I think they believe that the entire world of computing has the same
architectural considerations they do. Their question was obviously out
of concern that an attack could be crafted against the app to extract
data from the database. It's difficult for me to imagine how this
would be possible with WO/EOF but I may have naively looked past this.
To get to the point, I'd be interested in hearing from developers on
list about whether you have scans performed against your apps. Yes or
no, what were the considerations that drove the choice?
Tim Worman
UCLA GSE&IS
Webobjects-dev mailing list (email@hidden)