Firewall Wizards mailing list archives

RE: Why are developers choosing to...


From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Fri, 20 Jan 2006 15:33:26 -0600

On Friday, January 20, 2006 3:04 PM, Darren Reed so spake:

I am seeing more and more "websites" that use a URL such as
http://register.at.my.site:10443. Why not just use the standard secure
port 443 from the get go?  Is there something that makes SSL across
10443 innately more secure, or is this just the "security by obscurity"
smoke-and-mirrors trick?

Well, you don't have to run the web server software as root, if it is
running on a Unix system, to use port 10443.

Right, you don't, but then (the intent of my original question) your
application doesn't work across prudently configured firewalls, either.
Also, when *not* running as root, the developers then have the ability
to just stop and start the thing (can you say Windoze?) when their
coding deficiencies cause it to stop responding. We find keeping
services like this on low ports is a bonus that *deters* poor coding
techniques, as they know we'll know *every* time they want to stop and
start it, because they have to call us to git'r'done.

The consensus seems to be that there are a multitude of reasons this
occurs, and they mostly point to someone being 1) cheap (don't want to
pay for another IP address/SSL certificate, etc.) 2) lazy (worked in
development this way, so it *must* work in production this way) and/or
3) ignorant development practices (Port? What's a port?).

Thanks for all the responses.

Jeff
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

