All posts for the month July, 2012

You occasionally hear people refer to “security through obscurity”. This refers to the belief that if you make your security scheme as complicated as possible it becomes secure. This is, however, built upon the assumption that “not provably insecure” is the same as “provably secure”.

It is frequently the case that ¬†those espousing “security through obscurity” are more motivated by “job security through obscurity”. Abstruse security schemes are fiddly and difficult to operate and also problematic to untangle. They are also difficult to get right. When it comes to ensuring that a computer system is not compromised complexity is the easiest way to make a costly mistake. They often suffer from issues of “weakest link in the chain” or multiple layers of weak security.

So Springsmith applies a very simple philosophy to security…use simple, standard and well used security schemes. The Spring framework is an ideal method for applying this to both new and extant Java projects.

From server database middle-ware to devices in your pocket – the Java language is now all but ubiquitous. Why should you choose Java to address a heterogeneous system?

There is often a temptation to “go native” and use software technologies unique to a particular platform. Using C, or assembler or .Net based on the theory that it will run faster. The development times and specialist knowledge involved with such a course of action almost always vastly exceed the benefit. It is likely better to buy a faster machine, or extend the server farm or move to a cloud based solution.

Although those options might sound complicated, in fact Java assists in implementing them. A common language across the code base also means that functionality can be migrated or devolved as necessary.

There is also nothing like having the same code handing the protocol on both sides of a link!

Springsmith picks up on a project philosophy of build from “something simple and useful”. Although the ultimate target may involve a database server farm, load balanced web-servers and distributed clients with native code; often a project should start by providing a usable chunk of functionality without using all those hardware targets.

Spring provides an opportunity to build up a system by migrating functionality between devices, integrating new functionality and introducing new functional concerns (e.g. network security) as the project evolves. Spring enable you to do this  without messing about in already tested source files and often exploiting publicly available code.