Re: XML Security Gateways
From: Mike (michael.owen_at_hushmail.com)
Date: 08/30/04
- Previous message: Todd Knarr: "Re: suspect advice shows up"
- In reply to: 6tc1_at_qlink.queensu.ca: "XML Security Gateways"
Date: 30 Aug 2004 09:25:40 -0700
6tc1@qlink.queensu.ca wrote in message news:<cgldch$ko2@odak26.prod.google.com>...
I can't read the article, but read the "executive summary."
> My questions are:
> 1. What exactly are "XML Security Gateways" other than devices like
> IDS's and firewalls that can be configured using web services (i.e.
> using SOAP)?
> Is that all an "XML Security Gateway" is?
No, he'd be meaning XML firewalls. You can call them gateways as well
- really gateway makes more sense, as they aren't firewalls in the PIX
and Checkpoint-1 sense. Just google "xml firewalls."
> 2. Why is it such a good idea to keep developers out of security? I
> think it is important that developers are very security conscious and
> ensure that they apply secure coding practices. I don't think that he
> means that developers shouldn't be administering security (which would
> make sense to me) - because he goes on to say:
> "They are quite right that you should keep developers away from coding
> for security, but even without an XML security gateway, this can be
> accomplished if you..."
It's good to have developers following secure coding practices. It's
not so good to have developers designing your security. They don't
tend to do it well, as it is hardly ever their focus - they're more
interested in doing the bits of things that the software delivers, and
the security bits around it will just be seen as slowing the project
down.
hth
Mike