Socket Help

Richard Gaskin ambassador at fourthworld.com
Mon Apr 6 14:38:54 EDT 2020


Bob Sneidar wrote:

 > I was a big believer that SSL was never going to be compromised… until
 > it was. The retooling of industry security standards over the last 6
 > years or so has taught me the opposite: NEVER rely on out of the box
 > security if you can help it.

After acknowledging how bugs can creep into even widely-used and 
critical code, do you really want to try to outdo hundreds of security 
specialists single-handedly?

Heartbleed is an excellent case in point, as the maintainer was a single 
person, and though the code was open everyone using it just took it for 
granted. The amazing thing is that nothing worse happened - that one 
fella was pretty good, just one single error added during an uncommonly 
hectic day. After that there are now two assigned maintainers, and a 
large number of code reviews with every build from staff in orgs 
dependent on it.

I hold no security certifications. But I pass along the rubric of "never 
write your own security" from literally everyone I know who does.

Your code, your call, of course.


 > Asking a web server to get data and return it introduces a lag time
 > which I am already struggling with.

What is the lag time of an already-resident Apache process (or Lighttpd, 
or NGinX) in compiled object code optimized for that one task by 
specialists, vs a scripted implementation in LiveCode?

Might be worth measuring before replicating.


 > And if I DID use a web server, I would still have to go through
 > extraordinary measures to secure THAT!

What steps are needed to secure a standard web server that are not 
needed for equivalent security in a custom server?


I'm not arguing here.  Heck, I sometimes even write my own database 
engines, so I'm certainly not trying to talk you out of having a good 
time scripting.  But the older I get the more I like to have my fun 
where the fun happens, in the business logic of the system I'm 
delivering, rather than reinventing generic infrastructure.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com



