Hosting filePro applications

Lerebours, Jose Jose.Lerebours at EagleGL.com
Mon Jan 23 12:12:02 PST 2006 

Mark Fairlight posted:

> > Of course, there is the concern of fudiciality and hoping 
> that fpTech 
> > employees will not make out like bandits with our code   8-)
> 
> There's the bigger concern that $PFDATA and $PFDIR can be 
> reset, and anyone
> can get at anyone else's code.  There's no user account security level
> system in play as there is with an *SQL database.  It's not 
> -immediately-
> designed for it.  This leaves two options:
> 
> 1) Give everyone their own virtual machine with a copy of fP, 
> in which case
> they would try and knock you up for the license, probably.
> 
> 2) Code in a user access security level system so that it does work.
> 
> Now, keep in mind that I -like- the -idea- of this.  However, 
> in practise,
> this is not a trivial offering.  They would likely lose a bit 
> of money in
> the process of implementing it.  By "lose" I mean "hemmorhage", and by
> "bit" I mean "wad".
> 
> a) You'd really want, if not a data center environment, at 
> least decent
> connectivity--full T1 or better.  No idea what they have 
> right now, but
> considering their mail server read mail.henschen.com for a 
> day when they
> changed it, I think they took it all internal to Bud's place when they
> closed the Indy office.  Is he set up for doing this?
> 
> b) Backup liability.  This could be more legal exposure than 
> they'd want.
> IANAL, but the key rule in software crippling has been to 
> NEVER touch the
> customer data, as it's illegal to make someone's own data unavailable
> to them.  If proper dilligence is not taken to ensure good backups, or
> there's just an accident, the first time someone loses even 
> 20 important,
> high-ticket orders and hauls off and sues them, fP-Tech would 
> be getting
> the shaft.  Even if they're totally innocent and it's covered under an
> EULA, the cost of defending themselves from someone who's 
> -really- ticked
> about losing a $10k+ order isn't going to be pretty.
> 
> c) System security.  Let's face it, filePro has gone as late as 5.0.14
> with a broken umask that leaves export files as 0666.  I 
> wouldn't -trust-
> a company to provide decent system security when their one 
> small subsystem
> program suite doesn't even have proper security.  (Was this 
> even -fixed- in
> 5.6?  Anyone on the beta list want to check?  I'd do it 
> myself if I knew a
> quick way to test an export, and I just plain cannot bang out 
> fP code as
> fast as you guys.  Last export I did was in 1993.  Bit short 
> on time to
> test this.  But if it hasn't been fixed, 5.6 should not be 
> walking out the
> door until it is, IMHO.  I get sick of having to flag export 
> files during
> security audits.)
> 

All of these are very valid points and worth mentioning.
This is, of course, the way things get started; you must
have both check lists and work on converting minuses into
pluses.

I do not see how fpTech would loose as much money as you
make it sound.  If shared hosting or virtual server hosting
was not lucrative, I would venture say it would not be 
so widely offered.

As far as speed is concerned, filePro should not complain
since its speed is the one thing we all brag about  8-)
I mean, I use Godaddy.com and it moves pretty fast resolving
GUI applications (server side scripting using CFML).

Am I the only one here that would not care for some one 
else's code?  If fpTech were to do this and I hired their
service, I would not venture to peruse around and try to
steal/view other applications (unless invited to by owner).

There is one thing I am certain to take with me without any
blemish, my integrity!

All the points you brought up are strong issues and very vital
for a successful launch of such service but, I think, all are
addressable - Leave it to Ken ... before the 2nd pizza pie is
over ... plus however many cans of coke or cups of coffee ...,
I am sure he would have a solution in his end.

Besides, tell me if you could not come up with a security system
to keep every one in check?  

So, how about guys?  Go ahead, I pay for the first round of pizza
and coke.

This sort of idea deserve tossing around as alternative source of
revenue.  Besides, it is the future!

Regards;



Jose Lerebours

More information about the Filepro-list mailing list