
From: Gabriel Lawrence (gabebutterflysecurity.com)
Date: Tue May 21 2002 - 22:29:39 CDT


    On Tue, 2002-05-21 at 18:47, rain forest puppy wrote:
    > Plain and simple, if a site can support HTTP 1.0 clients, I say it should.
    >
    > Virtual hosts obviously aren't presented with that choice, so they are not
    > involved in the original problem, which was the point of this discussion.
    >

    I'd like to add a few more examples of why you should try and support as
    broad a set of clients as possible. It comes down to flexibility for
    you. The more robust your server application is, the more likely it is to
    be secure (which is the topic of this mailing list, right?). How can I make
    that claim? Well, the basic idea is that there are fewer untested corner
    cases, and these are often the low-hanging security issues.

    In addition, strange devices are becoming more and more common. Some
    examples: Palms with wireless browsers. As 802.11-whatever starts to get
    deployed more and more, people are going to be using strange computers
    like Palms to browse your web site more and more. By ignoring the web
    standards and focusing instead on IE/NS, you're going to end up in
    trouble when these devices hit your site.

    Another browser I use all the time, and that has really saved my bacon on
    occasion, is the Google HTML>WML translator. If I forget to print out a
    company phone number or I need some info when I'm away from a real
    computer, I can bring up well-designed sites using this interface.

    Accessibility is also going to become much more of an interesting player.
    What, you think that's relegated to a small subset of the net with some
    kind of special need? Wrongo... This kind of thing actually enables
    anyone to access a web site using voice technology. Imagine driving your
    car and having OnStar read you a web site. How is it going to do it? Using
    the same accessibility technology a blind person uses to read the web right
    now.

    Let's also not forget about the GameCubes/Xboxes/PS2s that will be on
    the net in the summer. I'm sorry, but often I'm just too lazy to
    get up off the couch and go to the computer room to read something on a
    web site. As soon as my game console can do it I'll be happy. Actually,
    I'd really like my TiVo to do it; I bet I have to wait for software
    version 3.5 for that to show up, since 3.0 supports the net out of the
    box...

    My point being that, while we have heard for many years that there are
    going to be lots of strange devices on the net, you had better conform to
    standards. Who knows what kinds of odd bugs and strange standards
    support these things will have. The closer you are to correct robustness
    under a standard, the better off you are going to be. I know a lot of us
    have become complacent with 98% of the world using IE... The problem is
    that the landscape is really starting to change underneath us rapidly.
    Those of us who build our sites to support the largest breadth of
    clients will fare the best.

    So, if you have the simple choice of making something work better and
    more robustly, it's the more secure, safest and most scalable way to go. Of
    course, you need to balance all this against true biz need, but when you
    do this you need to keep your eyes open and think about what the real
    costs and payoffs will be.

    -gabe