RE: Would you recommend such an application for production use?

  • From: "Matthew Zito" <mzito@xxxxxxxxxxx>
  • To: <development@xxxxxxxxxxxxxxxxx>, "ORACLE-L" <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 17 Feb 2010 16:25:27 -0500

Depending on the size of the company that wrote the product, I wouldn't
be surprised if they don't have a "hardening" guide for their product.
So, by default, they leave things wide open, to improve user experience
and ease of use (cause unfortunately, very often as quality of security
increases, ease of use and functionality decreases correspondingly).

However, odds are they have run into folks like you who are smart enough
to crack the whip a bit from a security perspective, and they probably
either have a doc on improving security, with documentation about what
capabilities you lose accordingly, or they have someone you can talk to
within the organization who can help you with your concerns.

I'd escalate those concerns to management, and see if you can't get on
the phone with the vendor, and ask them to address the concerns. They
might be more than keen to help you out.

(speaking as someone who has these kinds of discussions with customers
all the time).

Thanks,
Matt

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Martin Bach
Sent: Wednesday, February 17, 2010 4:20 PM
To: ORACLE-L
Subject: Would you recommend such an application for production use?

Dear listers,

I tried to come up with a good name for this post but couldn't. So here
goes the story:

I have been asked to review a product that management is _very_ keen to
deploy in production. Unfortunately before this can happen it has to go
through a change management process which implies that "troublemakers"
like me can raise their concerns that need addressing. For a change I
have access to the source code of the application which makes it even
more interesting.
<snip>

Did anyone have a similar experience? What did you do?

Interested to hear comments!

Martin
--
//www.freelists.org/webpage/oracle-l

