Page 3 of 3 FirstFirst 123
Results 21 to 22 of 22

Thread: We're Hacked... But it's a secret....

  1. #21
    Man, this thread has grown more than I thought it would.

    I agree that the concept used by Sitegrity has been around. Kinda like using a source safe, where the content is checked in and out with a certificate or other authentication method.

    In a large network or on a large web farm, that might be a good addition to the suite of solid security measures. The larger organization would likely have the resources and staffing to manage the back end of the system, which includes managing certificates (CAs) and digital signatures. I could see this becoming a significant time and resource issue.

    On a smaller network, or organization, I could see this being an excessive management burden. Few small networks have the luxury of time and resources to deal with a CAs, certificate management and digital signature management. My own minimal certificate services implementation requires some management and just never seems to do enough. But it does affect performance in some areas.

    To be honest, when tasks take too much time, or become to difficult, humans tend to not do them (I'm a prime case). So, I tend to side with Tiger in this area. I like sleek, efficient systems, and I like security to be solid, easily managed and layered. And, I like it to be based on known-good practices and processes. So, something like Sitegrity would be the last thing I would add to a layered security implementation--and only if I thought the team and the network could handle the burden.

    From the company perspective, I can see the desire to not have the customer see or experience the effects of a defacement or hack on a web portal. That places a layer of utility between the customer and the underlying interactive processes.

    However, as a customer, I'd have a lot of problem with a company that hid that from me while I was conducting business on the site. If I found out later that the company had been hacked or defaced, I would have a zero confidence level in the transactions done. I would have nothing on which to base any trust in that layer of utility provided by a system like Sitegrity.

    Granted, these are gut-level statements, but that is probably how most of your customers would see it.

  2. #22
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    I'll give to you only one answer. Look at Ukraine. If people realy want to succeed, they do. If anyone here felt realy so strong about that article, they'd do something. Simply put, there is just no one who can be asked. It wouldn't matter if they got anywhere, but it would matter if they tried.

    One thing you are right about, Human Nature: if they are lazy, they are lazy. Not much we can do about it.
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •