Re: Scriptable dynamic forms applications



Abdullah Kauchali wrote:

> Ok, so there is a "too much of a good thing" situation here.

You bet :) We learnt the hard way...it was part of the transition from
programmers to "businessmen".

> So, you
> went to considerable lengths ito customisability via scripting and
> dynamic forms ... but then retracted to some "optimal" level where
> the users/script-modifiers could not affect the overall application
> detrimentally. Just to ask: could this not have been managed via
> defined policies for obtaining proper training and for assigning
> responsibilities? E.g. no unqualified person should touch the script;
> and: If you do modify the code, you are responsible for it.

In a controlled environment (read: our office or our staff) we had
absolute control. We had separate source control measures, coding
conventions etc. that allowed us to keep the changes intact. This ran
perfectly for nearly two years - after which we found out that some of
our customers, instead of calling support, would make additions or
changes themselves. And then somewhere during an upgrade or because
their personnel changed, something would stop working...

We hadn't even realized that customers would choose to modify the forms
without telling us - so in true programmer fashion we added the bells
and whistles, but failed to put security in place.

If we did it all again, I'd probably put security and tracking right up
there with the rest. Plus, form design would probably need to have
severe restrictions, much more than current designer components allow.

--
Deepak Shenoy (TeamB)
Agni Software (http://www.agnisoft.com)
Blog: http://shenoyatwork.blogspot.com