2008-04-08
Google App Engine
I just had a look at Google App Engine. Interesting to say the least. Although I think it has value, I can't see serious business orientated people using it just yet, as there is always the question about data ownership. Businesses prefer to have complete control over their data, and if you are willing to trust a third party with your data you would then at least ensure all the correct legal work is in place - something not yet there with Google (or similar) apps.
For example, take a look at the Policies page... The policies make it clear that you are not allowed to store data that is in violation of copyright or other applicable laws. This is problematic, especially if you look at the sample from the video (see below), as the input fields are not filtered in any way, so the outside world could in theory use this demo app to store illegal (according to the policy) content in the DB.
I therefore think there is so far a big lack in this kind of application in educating new developers how to write secure code - with the only exception so far from the Yahoo! UI library which has a whole section on security.
If you think about it - you can't enforce policy if you do not provide the tools and education to enforce it :-)
In any case, I think this is very cool technology, and I would like to see this framework as a downloadable project that can be deployed safely inside an organisation.
Here is the demo video:
Happy hacking...
2008-04-05
Some CentOS and SELinux woes...
I discovered that custom compiling Apache and PHP leads to an interesting situation in CentOS with SELinux. When you try to start Apache, you will get an error like this: "cannot restore segment prot after reloc: Permission denied".
This has to do with SELinux. I found some help on the web, and what you have to do is:
Open /etc/sysconfig/selinux and modify the line that reads "SELINUX=enforcing" to "SELINUX=permissive".
You will have to reboot :-(
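The edit described above, as an added shell example that is not part of the original post: it reads the configured mode, switches `SELINUX=enforcing` to `SELINUX=permissive` while keeping a backup, and confirms the result. The function names are illustrative, and the demo runs on a constructed sample file rather than the live `/etc/sysconfig/selinux`.

```shell
#!/bin/sh
# Added example (not from the original post). Works on any copy of the file
# the post names, /etc/sysconfig/selinux; the demo uses a constructed sample.

# Print the mode set by the active (uncommented) SELINUX= line; last one wins.
# SELINUXTYPE= and the commented help text do not match the pattern.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Change SELINUX=enforcing to SELINUX=permissive, keeping <file>.bak.
# Returns non-zero and leaves the file untouched if it is not enforcing.
set_permissive() {
    cfg=$1
    [ "$(selinux_config_mode "$cfg")" = "enforcing" ] || return 1
    cp -p "$cfg" "$cfg.bak" || return 1
    sed 's/^\([[:space:]]*\)SELINUX=enforcing[[:space:]]*$/\1SELINUX=permissive/' \
        "$cfg.bak" > "$cfg"
    # Confirm the edit took effect before reporting success.
    [ "$(selinux_config_mode "$cfg")" = "permissive" ]
}

# Write a constructed sample in the layout of the stock config file.
make_sample_config() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_config "$dir/selinux"
    echo "before: $(selinux_config_mode "$dir/selinux")"
    set_permissive "$dir/selinux" && echo "after:  $(selinux_config_mode "$dir/selinux")"
    diff "$dir/selinux.bak" "$dir/selinux" || true   # shows the one changed line
    rm -rf "$dir"
}
demo
```

In permissive mode SELinux logs policy denials instead of blocking them, and the setting applies to the whole system, not only to Apache.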
Labels: apache, centos, linux, php, selinux