Sunday, August 22, 2010

Web Servers Can Be Your Friends

During an informal discussion of system design with two former co-workers, they surprised me with their beliefs that web servers were, by design and in all cases, insecure and to be avoided.

This belief caught me by surprise.

I was proposing a system design that used service-oriented architecture in the form of web services. Such a system would allow for different services to be installed on a single server or multiple servers.

My colleagues liked the idea but flatly rejected the implementation, stating (with firm conviction) that web servers were not secure.

Some research into the issue confirms my idea that web servers are like any other type of program, and can be insecure (if administered poorly) but also can be secure (if administered properly). But I don't know that this research will convince my colleagues.

And that is the other thing that surprised me: my colleagues' attachment to an idea that is not true. That is the more frightening of the two surprises.

When learning a new technology, we often build a set of rules. Sometimes the rules are correct, and sometimes the rules change. Don't get caught with old rules!


