On 3/22/07, Raymond Olavides <[EMAIL PROTECTED]> wrote:
Thin line indeed. That's why most sysads write and implement policies and inform users about such policies to ensure the network is safe. SysAds maintain security at the server level, not on a client - particularly a remote client or clients not belonging to the network - as is the case with web applications. Of course, in intranets the end users of a web app belong to the network, in which case the SysAd has more control over how certain services will be accessed and how client PCs will be configured.
I'm on the same page as you. On "... Actually snooping on users regarding what sites they're using
(through remote viewing _without visual indicators that he is being monitored_ ) might be tantamount to invasion of privacy", it is invasion of privacy.
That's what I mean :) In the case of web applications, where the majority of users are out in the
open, you can not mess with their system's settings.
Exactly. Since that is not a part of your immediate concern. Only the application that is deployed (web or otherwise) is your concern. Included in that is how the application behaves, how the application secures the data and so on, so as to protect your immediate domain of responsibility, as well as protect the user indirectly.
You have no right to. You must inform them of your actions and make them agree with it in writing (knowingly or unknowingly - since most do not read the Terms of Service seriously)
Yes. I've stated this as "transparency".
It is a fact that not all web developers are good JavaScript coders. True. It is best that you handle security where you have greater control over data and resources. Something that you do not have over your internet application user.
Again, the only control you can have is to make the application encrypt data and transmit the data over a secure connection. Plus do not forget to assert, assert, assert. Anticipate where your app will fail or will probably fail, and make sure that there are no possible holes or, if there are some holes, ensure that these holes will not allow the user's system, or your systems, to be compromised.
My one cent.
--
"A dog that has no bite, barks loudest."
Registered Linux User #400165
http://baudizm.blogsome.com
http://phossil.ifastnet.com
Subscribed to: LARTC, Open-ITLUG, PRUG, KLUG, sybase.public.ase.linux
_________________________________________________ Kagay-Anon Linux Users' Group (KLUG) Mailing List [email protected] (http://cdo.linux.org.ph) Searchable Archives: http://archives.free.net.ph
