If the application is going to be around longer than 5 years, roll your own MVC or ROA pattern in Java. Write your own DAO and database calls (stay away from ORMs). Keep 3rd party library use down to a minimum, limiting your vulnerability exposure and rewrites due to upgrades.
As a developer who has worked on code bases that were home rolled, and built with popular frameworks (spring, rails). The worst code bases I've ever worked on were home rolled. Obviously that's only my experience, but I have a hard time agreeing with this advice.
Home-grown means every other developer that ever has to touch it is going to have huge additional overhead getting started with the codebase (because your documentation is going to be nonexistent), and you're going to spend a ton of time unnecessarily reinventing the basics.
These days it's never worth it to home roll in the CRUD world. There's way too much good tooling out there.
While it is true that there is additional overhead, they did say "if the application is going to be around for more than 5 years".
After 5 years there is a better chance you can make changes to a pure language coded app, than try and get what ever stack was common at that time working.
Basically, it could be the difference between throwing away your app and rewriting it.
> than try and get what ever stack was common at that time working
Doesn't seem like a problem for languages with sane package management solutions, of which there are plenty. A Java app on Maven is going to work just fine in 5 years, and on the latest version of java to boot.
Maven is a build tool and can help manage dependencies. It doesn't ensure your code base is compatible with the latest version of the dependency or ensure the dependency is still supported.
I'm working on code bases that are 10 years old today, built on asp.net webforms and mvc. If you don't choose a FOTM you'll be ok, all the answers are still on SO.
Yup! Make administration less confidential, but try and keep it as secure as possible. Inside attacks are a big problem in the financial industry too. I like the idea of controlling it through a hardened web-app, but may need a little help getting there.
Auditing can be a deterrent to an attack, but won't necessarily protect you against it. It's a good way of letting you know what has happened after the fact.
Think if you had a DB with financials (credit cards and such) in a isolated DMZ with SSH inbound/outbound blocked
How can you dump the DB and copy it off if all the traffic was "proxied" through this?? It's not like you can scp a tarball anywhere.
You can't forward ports and expose the DB outside of the DMZ either.
And it doesn't take admins to setup auditing or disable forwarding, you have physically disabled it.
I got to say I don't understand the single point of compromise thing. A single point of failure is a bad, but the less points of compromise the better. You identify your critical systems, you protect your critical systems. Spreading things out doesn't make you more secure.
Here is an old white paper on some things to think about SSH in your infrastructure.
Well for example if you have a bunch of web servers and you are looking for server errors and you do
# tail -f access|grep \ 500\
on all the instances.
You can then do a regex match on 500 in the app and it will sort the terminal windows that have the most matches to the top. That way you can determine what instances are failing.
I don't think parallel-ssh, cssh, tmux do that.
and it's web-based too.. Which just makes it different, not better!
I don't see why it wouldn't. I guess it would have to use the private DNS though. Currently it uses the public DNS for the instance to connect. It will only use the private DNS if the public doesn't exist. Should be an easy change to make it configurable so you can set it to always use the private.
