[ale] running OPA (other people's apps) on my network

Jim Kinney jim.kinney at gmail.com
Thu Jun 25 14:34:35 EDT 2009


Ask your company legals if _your_ company will be held liable if
_their_ app opens a security hole and "bad things happen".

Get a java decompiler, use it and send the decompile back to them and
tell them you will compile "that" code and run it. (OK. I'm being
bull-headed here).

At least secure the machine as best you can and don't allow ANY LAN
access to or from it. Require an air-gap and sneaker-net for data
upload. That will make a problem on your end but if it's your tail on
the line for security and you have the authority, exercise it!

On Thu, Jun 25, 2009 at 2:23 PM, Chris
Kleeschulte<chris.kleeschulte at it.libertydistribution.com> wrote:
> I need opinions here.
>
> For a while now, I have been forced to run Custom Data Solution's
> DataStreamer Jar file on hardware under my care. For some reason the
> before-mentioned company insists on me running this jar file to be
> able to submit data to them so we can get a discount from the vendor
> that is a customer of theirs.
>
> I have asked to just POST the data to them and they can run their own
> app against it on their machines, they refuse.
>
> I have asked to see the source code for the datastreamer java app,
> they refuse.
>
> I have told my company not to comply with their data plan, my company
> refuses.
>
> Custom Data Solution says that they have many customers who run their
> app on the customer's machines/network, nary a complaint.
>
> I have quarantined this app as much as possible, but this is extremely
> bad business for CDS to ask me to run their app on my network without
> providing me the source code. I try to run only apps that I compile
> myself or from trusted sources.
>
> What would you all do in this situation? I guess I am just wondering
> if you think that it is absurd for a client to ask a supplier to run
> their software? The unmitigated gall.
>
>
>
> Chris Kleeschulte
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness


More information about the Ale mailing list