Perception of Performance Improvement and Reality

Sunday, January 11, 2009

A good friend of mine, Jimmy May, published an amazing post on the perception of performance improvement versus reality: Perception, Reality, & Incrementally Tuning World-Class Applications. The post is full of passion (no less) and I read it with pleasure. It builds on the view Ed Glas shared about a 20% improvement (Kolbis also referred to it). Here are two personal stories of mine on the subject. From: CS193H High Performance Web Sites. One day I was called in to help a customer improve the performance of his Web system. When I started investigating what the problem was, it turned out that a 50% performance improvement was required. That already sounded like a challenge. When I was told that this was an effort that had been going on for long months, I started to think that maybe it was worth giving up......
3 comments

Security, Real Life, and Being Proactive

Thursday, February 15, 2007

Have you noticed that little slogan at the bottom of the p&p logo? "proven practices for predictable results" When I landed in Seattle for Another Breathtaking Microsoft Convention I called my precious wife to tell her I was OK. What I heard in response was crying, and she was telling me that she had been involved in a serious car wreck. I can recall now that the first thing I asked was "Were you wearing a safety belt?" and when I heard "yes" I could estimate what could have happened to her. I could not be sure about her explanations since she could be in shock, but since she applied proven...
2 comments

More Powerful Security Tool

I was blogging lately about security tools (see Most Powerful Security Tool). For some reason there is a perception that security tools are about scanning, intercepting, cracking, and tampering; in other words, something reactive. To me a security tool is anything that supports Security Engineering as a whole, and it can be anything from document templates to simple checklists. My favorite is of course Guidance Explorer (see patterns&practices Guidance Explorer), which constantly gets updates (see He Who Doesn't Ask - Just Doesn't Get). Today it contains about 1000 prescriptive items for security and performance. I've used it for the following scenarios: Create high...
No comments

SQL Server 2005 – EXECUTE AS Clause (Transact-SQL)

Sunday, February 11, 2007

http://msdn2.microsoft.com/en-us/library/ms188354.aspx "In SQL Server 2005 you can define the execution context of the following user-defined modules: functions (except inline table-valued functions), procedures, queues, and triggers. By specifying the context in which the module is executed, you can control which user account the SQL Server 2005 Database Engine uses to validate permissions on objects that are referenced by the module. This provides additional flexibility and control in managing permissions across the object chain that exists between user-defined modules and the objects referenced by those modules." I think it is AWESOME!!! With security we have a couple of principles,...
No comments
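To make the quoted MSDN description concrete, here is an added example of the EXECUTE AS pattern used for least privilege. It is not code from the original post or from the MSDN page; the table, procedure and user names (dbo.Salaries, dbo.GetSalary, AppUser) and the sample rows are constructed for illustration.

```sql
-- Added example (not from the original post or MSDN). Names and data are
-- hypothetical. Run in one session, e.g. sqlcmd or Management Studio.

-- A table the application user must never read directly.
CREATE TABLE dbo.Salaries (EmployeeId int PRIMARY KEY, Amount money NOT NULL);
INSERT INTO dbo.Salaries (EmployeeId, Amount) VALUES (1, 5000);  -- constructed row
INSERT INTO dbo.Salaries (EmployeeId, Amount) VALUES (2, 7000);  -- constructed row
GO

-- The caller: a database user with no rights on dbo.Salaries at all.
CREATE USER AppUser WITHOUT LOGIN;
GO

-- The module runs in the security context of its owner (dbo), so object
-- permissions inside it are checked against dbo, not against the caller.
-- The body deliberately uses dynamic SQL: ownership chaining does not cover
-- dynamic SQL, so without EXECUTE AS the caller would need SELECT on the table.
-- The query is parameterized with sp_executesql, never built by concatenation,
-- because anything injected here would run with the owner's privileges.
CREATE PROCEDURE dbo.GetSalary @EmployeeId int
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sp_executesql
        N'SELECT Amount FROM dbo.Salaries WHERE EmployeeId = @Id',
        N'@Id int',
        @Id = @EmployeeId;
END
GO

-- The only permission the caller gets is EXECUTE on the narrow entry point.
GRANT EXECUTE ON dbo.GetSalary TO AppUser;
GO

-- Verify the boundary by impersonating the caller in this session.
EXECUTE AS USER = 'AppUser';
SELECT Amount FROM dbo.Salaries;      -- error 229: SELECT permission denied
EXEC dbo.GetSalary @EmployeeId = 1;   -- succeeds: Amount = 5000.00
REVERT;
GO
```

Two caveats a reviewer will raise. First, if the procedure contained only static SQL and shared an owner with the table, ownership chaining alone would already let AppUser read through it; EXECUTE AS earns its keep when chaining does not apply (dynamic SQL, cross-database access, or statements such as TRUNCATE TABLE that are not chained). Second, EXECUTE AS OWNER widens what the module body can do, so any string concatenation of caller input inside such a module turns an ordinary injection into a privilege escalation to the owner's context.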

Approximately US$1.2 Million, Has Been Stolen From The Scandinavian Bank – Jan 19, 2007

Saturday, January 20, 2007

"The log-in system used by Nordea has been the target of much criticism during recent months. Users log in to their accounts using their date of birth, a standing four-digit security code and a one-time code." Building your own custom authentication system instead of using an industry-proven one is a recipe for the above. Here are some helpful resources: How To: Create GenericPrincipal Objects with Forms Authentication How To: Protect Forms Authentication in ASP.NET 2.0 How To: Use Authorization Manager (AzMan) with ASP.NET 2.0 How To: Use Forms Authentication with Active Directory How To: Use Forms Authentication with Active Directory in...
No comments

He Who Doesn't Ask – Just Doesn't Get

Thursday, January 18, 2007

...on the other hand, "you can't always get what you want" :) In my case I asked and I got what I wanted. So if you care about your application's security shape, go ahead and download Guidance Explorer today. Thanks JD! Cheers
No comments

Unbreakable Guy Joins the Family- The History Is Made!

Friday, January 12, 2007

via http://www2.csoonline.com/blog_view.html?CID=28152 Just like Microsoft does, Oracle for the first time in its history notifies its customers about an upcoming critical security update it is about to release on January 16. "Oracle Database Executive Summary This Critical Patch Update contains a total of 27 new security fixes for Oracle Database products, 10 of which may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. 1 fix is applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed" Good stuff!! (I mean the fact of systematic security updates...
No comments

When Security Guys Ask You About Authentication – This Is What They Actually Mean

Sunday, December 31, 2006

When you are scheduled for a security review meeting, be prepared for the above question. Security guys are concerned with the Identity Theft/Spoofing threat. My suggestion is to go there prepared with the following question list, thus saving lots of ...

How do your end users identify themselves?
- User and password pairs
- Digital certificates
- Other

How are credentials sent over the wire (if any)?
- Clear text
- Hashed
- Over a protected wire (SSL, IPSEC, etc.)
- Binary encoded

How does your system authenticate your end users?
- IT based: Windows Integrated, Digest, Basic
- PKI
- Custom mechanisms (not the best choice)

How does your application manage the credentials it uses to authenticate itself with downstream servers?
- Hard coded...
No comments