Something like this would be horribly easy to circumnavigate. There's significantly more involved in managing this sort of thing that a simplistic library such as this can manage.Ĭompanies concerned with licensing usually do it because they're protecting their assets from software piracy. If I were concerned about licensing, then I'm really not sure I'd put my faith into a library like this - not least that if the app just shipped with the dll, then it could be swapped out in the blink of an eye with a stub. Net, because they contain enough developers who lived inside the corporate walls and have yet to gain enough exposure to wider community practices, not because of anything about the languages themselves but because if the social dynamics involved in the developer population that work with these languages. To clarify this is to say that the only two developer communities where I would not be surprised to see this are Java and. ![]() Since that’s the only place this is even close to safe, 100% inside the corporate firewall. Net developer, as along with Java devs seem to be the last remaining pockets where it’s obvious that a developer can go their entire career without knowing anything about code outside the corporate Network. Net world), or a regular HTTP API would have been completely adequate and this database driven solution is the sort thing I’m not surprised to see from a. The mitigation would have been trivial, gRPC, gRPC Web(which has excellent support in the. ![]() access by arbitrary clients…Īnd requires end users to carve out firewall/network security rules to allow outbound connections to an arbitrary database server, which is a pretty significant data exfiltration vector and I’d be extremely concerned about enabling this even at the best of times… On the licensing service side as they have to lock down a database server to allow safe A.C. It’s beyond not a sensible API, it’s significantly harder to secure, inappropriately so…
0 Comments
Leave a Reply. |