> They're trusting you with their data. Why should they trust your code > not to email all of the data they input to malicious people if they > can't trust you to write code that keeps their data separate enough > from other people's data?
Because one is a malicious attack, and one is a bug. From a security perspective you address them in totally different ways. > If they don't trust you buy use your > product anyway, they're stupid, whether Google provides you the tools > to do better security than you can do yourself or not. You're kidding, right? On Dec 23, 4:51 pm, Geoffrey Spear <geoffsp...@gmail.com> wrote: > On Dec 22, 5:03 pm, hawkett <hawk...@gmail.com> wrote: > > > 2. Not seeing it from the customer's perspective. What they see is > > that every app on GAE is a roll your own data security effort - what a > > nightmare - how are they to tell which app was written well and which > > wasn't? How would they even begin to assess the risk profile - do > > they have to audit your company's development practices? > > They're trusting you with their data. Why should they trust your code > not to email all of the data they input to malicious people if they > can't trust you to write code that keeps their data separate enough > from other people's data? If they don't trust you buy use your > product anyway, they're stupid, whether Google provides you the tools > to do better security than you can do yourself or not. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
