A r t i c l e s
|
Ease of Use vs Security
|
Some times Ease of Use and Security can coexist together to some extent. Sometimes though, Ease of Use does not come with security.
Example:
The windows API is fairly simple to use (although a large knowledge base) compared to Unix and Linux methods. Sockets? Domain Message Ques? TCP? Just let me send a message to another application please! That's all I asked for!
In windows, the API can be a security issue. But in Linux, you might spend hours figuring out how you are going to integrate two applications.
One method, and one advantage of using TCP sockets or sockets in general, is that your API will be network ready (or closer to network ready). Instead of just being able to send API messages on the same computer through something like the windows API, sockets will allow you to transfer message through the network. How is this more secure? You can make a password/IP address requirement. How is this more powerful? All applications have advantages when they are network/TCP ready.
If the windows API required a password/log in each time you used an API call, or each time you used an application with the API, this would just make things complicated for developers and users. I came across a website which described someone creating an application in Linux which talked to another one. He had to go through complicated mess to get it going, and someone said "on windows you just use sendmessage".
So the disadvantage of something fairly easy to use (sendmessage) is that it is not as secure . But how secure does one go? Many people fall for the lazy way out - but at the same time, not everyone has time to create their own messaging system (reinvent it) over and over again. Probably the best solution for Linux would be a more standardized messaging system across TCP or unix sockets.
There are POSIX messaging systems, but TCP offers more future possibilites through internet networking. Any application can be internet remote controlled through TCP. So a higher level TCP messaging system could be a more powerful and secure than the windows API style of messaging, while at the same time it would easy to use (if it was designed as so). Local messaging systems could just use localhost, and the user wouldn't require a password to make it easy (but this may be a security issue.. hmmm. So when do we draw the line?). But anyway, instead of sending strings over a network and parsing them through sockets, creating and reinventing your own messaging system each time..a higher level messaging system through TCP might be better.
Are there already some TCP/network POSIX or linux messaging systems that I haven't come across? Are they network ready? Are they internet ready? Are higher level wrappers available, so everyone doesn't have to reinvent their own cross-applcation messaging system each time? --L505
|
|
About
This site is about programming and other things.
|