Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: .Net and security
From: Damhuis Anton (DamhuisAaforbes.co.za)
Date: Wed Nov 24 2004 - 23:51:20 CST
I have had the same, problem, and usually it the person that has done his MCSD.
I believe, that one should understand the reason behind the best practice, and implement if appropriate. If one is not open to alternatives, how is one going to improve oneself.
There are a few things I can not be negotiated on, but anybody can ask me for the reasons.
I worked on Site Server (V3) a long time ago. We had an audit done on the system, and the results were very poor. The customer lost a lot of confidence in us. We only later found out about this and when we explained why certain thing were done certain ways all was ok again.
Most of the reasons were that it was passed (on the customer's request) on Site Server, and a framework store supplied by MS. Since we had to work within this framework, we had to do it a certain way.
But an answer that "MS said it is a good practice" does not fly with me. If someone can not tell me WHY it is a good practice, I do not believe them.
From: Michael Silk [mailto:michaelsphg.com.au]
Sent: 25 November 2004 12:29
To: Damhuis Anton; secprogsecurityfocus.com
Subject: RE: .Net and security
That is not the way it is here ... My co-worker is consistently
telling me "but Microsoft does it this way ..." and refuses to discuss
alternatives. The problem being the environment in MS is totally
different from our own so most of the development strategies are not
The contents of this e-mail and any accompanying documentation
are confidential and any use thereof, in what ever form, by anyone
other than the addressee is strictly prohibited.