Salesforce security: Is it just marketing claim? [closed] - web-services

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
In their security statement you can read:
Salesforce.com utilizes some of the most advanced technology for Internet security available today.
When you read the rest of the article, nothing really supports this claim. Use of SSL is very common; how is this “most advanced”? What proves that their servers follow best security practices, as this story reveals even a specialized security company doesn't follow them?
So how do you get assurance that their code is really robust? What tools? If you use these tools to fake attacks, they may retaliate, for example, so it's not very practical.
This is not targeted especially at Salesforce; this is a more general question about SaaS or PaaS. If you use such services to integrate with your site, how can you ensure that the security is handled correctly, knowing that you cannot trust claims alone? This is a big question you need to answer for corporate management when you choose such a solution. How can you answer if they want proof?

This is a great question. How can we trust any SaaS claims, let alone their security ones? I think it comes down to trust and marketing. In the end, since the software is not hosted on our servers, we don't know for sure if they really are secure. We can't force guys like Salesforce to make guarantees either. I would love to see a third-party website that reviews all these SaaS applications and reports on their downtime, security, issues, etc.

Related

Better user authentication? (AWS Cognito or OAuth2 or Okta) [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
We have a requirement for a project and we are planning to use the user management and authentication service of 'OAuth2'.
Our application will be on AWS so we also wanted to check with AWS Cognito.
Could anyone help us decide which is the better option to go with?

I would proceed as follows:
Build apps in a standards-based / portable manner, via certified open source libraries
Start with Cognito and see if it meets your requirements / identify its limitations. Avoid vendor-specific libraries unless there is a good reason.
If you need to switch vendors you will be able to do so quite easily, since your apps will not be locked into AWS
Out of interest I built all of the samples on my Quick Start Page using Cognito. It is a good place to start because it is stable and low cost.
As a rule of thumb, no vendor solution works perfectly - there will always be gaps between what you want and what they provide.

How to design enterprise level application? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
I am a freelance software engineer. I have worked in a few areas of computer science, and I have made some e-commerce websites in the past. Now I have an opportunity to build a big enterprise-level system. I cannot disclose specifics about the application due to the NDA I signed, so pardon me if my question seems broad; let me know in the comments if you require clarification. I appreciate your help.
About Application:
In this application, I would need to build a system like Uber.
There will be people at my client's end for resolving customer issues, so a CRM is also needed.
Customers will be using this app, so I have to design a separate system that can manage tickets and access the database.
My question is where to start designing such an application. I guess I would require DynamoDB and AWS. I have divided modules into parts such as Client App, Database, Dashboard, etc. I want to know if there is some case study that can help me decide how to design such a large application.
I found this link useful; it gave me an idea of the work, but still, I believe it's a long way from the money shot.
[EDIT]
To narrow down the scope of the question: what backend server should be chosen for an application that will serve one hundred thousand users per hour? I will use MongoDB as the database, and Python as the backend scripting language.

IBM has a nice article on Enterprise Architecture,
https://www.ibm.com/developerworks/rational/library/enterprise-architecture-maximum-value/
Before building the software, design how it should work and choose your software components according to that.
Previously you might need costly infrastructure to think something; with recent technologies, you can do them at a lower cost. You need to apply the right architecture and engineering when designing your application.

Licensing scheme for client application that accesses web service [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I'm currently deciding under what license I should release a .NET client software that accesses our web service. The best way to describe my situation would be like Dropbox, as they have a client software that simply allows users to access their web service.
I'm not sure whether the best decision is to go open source on this to promote growth, support, etc., or to keep the source closed with some to help reduce the number of non-official clients running specifically meant to misuse / abuse the webservice backend.
(If it helps any the client software will be computing and sending data to a backend, so tampering of the submitted data would be best kept at a minimum.)
Pros, cons, and suggestions are welcome.

Isn't there a way to work with sessions in a webservice? If you could implement that, you could make the users of the client login first to your webservice (via the client application), and then only make the functionalities available after a successful login. That way, should you decide to release an open source version, you will greatly reduce the risk of rogue clients already.
As for the decision whether to go open source or not, that's entirely up to you, but I don't think the choice should affect security.

Recommended Web Service Architecture Books/Sites? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
I'm in the position where I may be creating a new web service from scratch - without much pre-existing infrastructure to have to contend with. What resources are there that talk about the architectural aspects of deploying a web service? [Clarification: I'm not talking about an Enterprise SOA orientation here - rather setting up one family of services for the public.]
A first list of topics that I'd like to see covered are:
SOAP vs. REST
JSON vs. XML
Relational Database Backed vs. SimpleDB backed vs. ?
Scaling
Availability
Models for restricting access
Models for throttling access
What would you recommend?

I would recommend RESTful Web Services. It's well written, very complete and vendor agnostic. Also it has a fairly good coverage of both REST (with comparison to SOAP/WS-*), HTTP scaling, resource formats (JSON, XHTML, Atom, XML), security and service modeling.
If you have any specific scaling needs, then you might also want to read Building Scalable Web Sites. It will teach you everything worth knowing about etags, proxies, caching, edge computing and so forth. However, if you are just starting out, then the REST book I mentioned earlier will properly cover most people's needs.

If you decide to use Microsoft technology (WCF) then you could check out the Microsoft Patterns and Practices group's online library of guidance.
They have a library located here as part of MSDN which deals with Web Service security, Enterprise Buses (obviously not applicable to your scenario) and PAG's own Web Service Software Factory.
Their main page is located here.
Otherwise, assuming you choose WCF it might be worth checking out further reading such as Juval Lowy's book on WCF, although I fear it may cover the implementation more than the theory and design facets.
Do you know roughly what technology platform you'll be working from?

Integrating with Great Plains, best way? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 6 years ago.
I can't find much information around the web about it. Has anyone used both eConnect and the Dynamics web services to interact (read/write) with Great Plains? I am looking for the pros and cons of both approaches.
This product will be installed and configured on various sites, so ease of configuration is really important. I usually hate to mess with IIS.
Should be able to target GP 9 and 10.
Thank you

Use the Great Plains Connector - full info here http://help.boomi.com/display/BOD/Great+Plains+Connector?showChildren=false
and here for pro-cons/limitations etc.:
http://www.articlesbase.com/software-articles/great-plains-customization-how-to-integrate-legacy-application-with-dynamics-gp-452580.html
and of course from the horse's mouth:
http://msdn.microsoft.com/en-us/library/ms994230.aspx

We have done sites based off of web services for GP 9. Don't worry about IIS, there isn't much you have to worry about with that. The install process is very easy. It did not require me to do any configuration with IIS. Some of the configuration is a little tricky at first, like adding users and setting up policies. But once you get the hang of it, it's no problem. We use web services for almost everything now; they were so easy to develop with. I wish there were a few more, to update and access more information, which I hope is coming, but otherwise easy.
We have used it on ecommerce sites and Windows applications. We did not choose eConnect because of the ease of the web services. eConnect, I believe, has more options and we did use it to create and update sales invoices, but changed it to web services. If you have any specific questions please feel free to let me know. Thanks!