Wednesday, June 23, 2010

It made me Snap

Your reviewer found this interesting article - Why DataSnap 2010 is Toy Library.

Even more amazing is how Dr. Bob wrote his DataSnap articles. Did someone ever check about DataSnap before writing so many articles on it? Or is it like those old Western Films - "Give me a drink and make it snappy"?

8 comments:

LDS said...

"to benefit from it on the LAN can make sense." Are you sure? Do you believe accessing sensitive data inside a LAN does not require proper security? Internal threats may be even more dangerous than external ones.

LDS said...

"How do you make sure that you users cannot download data"
1) Ensuring that users can access only the data they are allowed to see, and with the approved applications - not everything. That's why I found Datasnap lack of authorization appaling
2) Auditing what users do
3) Encrypting sensitive data both on storage and transmission. Because there are system administrators and SW/HW technicians that can access sensitive systems as well. Internal LANs are not more secure than external networks. And while you usually protect external access (VPNs, etc.) most administrators don't protect much internal ones, and that's a mistake. The bad guy is not always outside.
Then if your CEO brings home data and puts them on his children compromised PC, well, you just have a bad CEO.
Datasnap is not an alternative to DBX, you just add complexity without any benefit - and you lose your DB client capabilities, Oracle client can handle authentication, authorization and encryption, Datasnap 2010 can't.

Delphi Haters said...

LDS, when you have some time, can you ask Dr. Bob these questions?

1) How much did Dr. Bob pay for the rights to sell to Belgium-Luxemburg area for Delphi?

2) How much is the commissions for Delphi per user? This is an important question because the prices for Delphi editions are very high.

3) How did Dr. Bob manage to write his blog with so many good things and your reviewer manage to write this blog with so many issues and bugs that plague development work?

LDS said...

@Mike: surely you can't protect everything from code, policies are needed and must be enforced, but you can do a lot to protect data properly, the fact that someone with the proper privileges could act silly never is a reason to allow everybody to access data, it just makes enforcing policies much harder.
You can use IPSec, but it only authenticates machines, not users. You can use VPNs, which increase complexity at the user level. Anyway, they are not end-to-end security solutions. And do you trust all your sysadmins and dbas? Have you ever given a look to Oracle Vault, for example?

@Delphi haters: I could ask, but I guess I won't get a reply. There's still a lot you can do with Delphi, but it is easier than it should to get into some nasty issues, or pay (a lot) for half-backed features. People coding simpler apps may find it good enough, as soon as you try to go beyond that level, too many obstacles arise.

Delphi Haters said...

Did you read my post about "Vendor hacking"?

http://delphihaters.blogspot.com/2010/01/vendor-hacking-your-reviewer-browses.html

:)

Chris said...

@Mr Hater - um, on what he himself refers to as his 'blog' (as opposed to his general site), you can find this: http://www.bobswart.nl/weblog/Blog.aspx?RootId=5:3858

Worth clicking through to see what he wrote on the actual QC entries as well, the second in particular.

Bob Swart said...

I did not pay for the rights to sell Delphi in Belgium, Luxumbourg or the UK (as well as The Netherlands), why did you think I would need to?

Delphi Haters said...

Bob,

> I did not pay for the rights

How does one go about selling Delphi except to sign an agreement with Embacardero?