James has often compared DQL and SQL, assigning the security weaknesses of one to the other. While there may be valid concerns for some ECM query languages, DQL is actually fairly secure from this type of attack. Don’t get me wrong, it isn’t foolproof, but it isn’t an apples-to-apples comparison. Let’s compare and look. Be sure to add comments with questions or additions.
Secure ECM Systems
In my earlier post, I called James out on his post, which was a fairly biased statement about EMC’s testing for security, or lack thereof. In my post, I pointed out that the security warning did not warrant such an attack. I tried to point out that James wasn’t necessarily wrong in his statements, just that he didn’t provide any evidence that backed them up. He criticized their proactive efforts when the source material calls for a reactive effort.
Well, James replied to me in two subsequent posts. The first post endeavored to teach me about the importance of testing for security in systems proactively. It wasn’t a lesson that I needed, having heard of the SQL Injection attack back in the 90s as a weakness in ASP applications (or at least an attack that was fairly similar). Being aware of these issues, I’ve made a point of controlling what a user can do in interfaces.
His points are valid though, so I wanted to take time to talk about them. This is my first post in a series addressing the points he brings up. So if I don’t address something now, don’t worry, it’ll come.
Inciting Insight or Panic?
Normally when I read a post by James McGovern, I understand that he is trying to get under people’s skins in order to provoke a response. Some people respond to this by attempting to give the type of information that James is looking for in a post of their own. Others view it as a form of harassment and try their best to ignore it, though James just looks on that as a form of encouragement. Both reactions are perfectly fine.
I, like pretty much every blogger, am not compensated for writing my blog, much less for responding to James. It is optional. When I blog, I do so as me, myself, and I. Not as an employee of any company or organization.
SharePoint and ECM Working Together
Andrew Chapman got a new gig. He is now in charge of SharePoint solutions for EMC. I am assuming that this includes Content Services for SharePoint (notice the old site link still works) as well as any other current and future products. I couldn’t be happier. Andrew knows how to listen and evolve his thoughts based upon new information and experiences.
In many ways, this is an outgrowth of his work in the world of compliance and records. He had seen how organizations were having trouble managing their growing SharePoint environments and they were asking him how to get Documentum and SharePoint to work together. Organizations like SharePoint’s user interface and Documentum’s ability to enforce business rules and manage the large amounts of information being stored. Andrew voiced his opinion one too many times and his new job was born.
One EMC and eRoom’s Place There
So you may, or may not, have realized that EMC recently changed their website. Now, if I were a storage customer, my first reaction would have been, “Oooooooo. Pretty.” However, as a Documentum/ECM guy, I also went, “Where did all my stuff go?”
X-Hive and the Content Server
On the 17th, I had the fortune of attending a briefing/seminar on X-Hive. It was a series of presentations given by Jeroen van Rotterdam, one of the founders and architects of X-Hive. Jeroen is now the General Manager of XML Solutions for EMC. I was able to learn more about the product and its future within the Content Server.
BEA…Going, Going, Gone
So, a while back, Oracle made a play for BEA at $17 per share. BEA told them to take a hike for anything under $21. Today, BEA caved at $19.375. That’s right, caved. When you offer someone a 25% premium and then later are able to buy them for only a 24% premium, you win. Yeah, they may be spending an extra $1.8 billion, but BEA is worth a lot more now. What does this mean? It depends on who you ask…
Measuring ECM Performance
I was reading a post by Lopataru on his blog. For those that haven’t read his blog, Lopataru is working on his PhD research, focusing on Content Management. He is trying to determine what makes a Content Management system high-performance. I’m not going to analyze his thoughts, but I am going to add some independent thought to the issue.
Patenting a Standard
I haven’t been a big booster of JSR-170, the Content Repository for Java Technology API, or its sequel JSR-283 here. It isn’t that I have anything against them, it is just that I think that the bigger problem is at a higher level of the architecture stack. I think ECM systems should be accessed through Services and not APIs whenever possible. It is also a little too technology focused.
RSA and Autonomy
Just wanted to share with everyone. I learned that the OEM agreement that I mentioned earlier between Autonomy and EMC is for the RSA product line and not Documentum. There had been a slight discussion going on in my previous post on the topic that Autonomy wasn’t destined for Content Server. Now we know.
So it seems that Search is still on the same path. Upgraded FAST and an option for Lucene in D6.5. This should also lead to more plug-in architecture for Search engines in the future. It also means that we need to watch Microsoft more closely once they close the deal in Q2.
The folks at Brilliant Leap! and Lee Smith had some interesting thoughts (Read in that order). However, with the information regarding RSA, it spins it a little straighter.