On 13.07.2012 17:10, Laszlo Papp wrote:
>> He also says that you should at the same time have a discussion with
>> Corporate Security to make them understand that the current situation is
>> hurting the organization, and try to get it changed so you _don't_ have
>> to circumvent Corporate Security. (Normally it's grounds for getting the
>> "pink slip" immediately.)
>
> Why open the port up globally with its own drawbacks just because of
> one project? If this can get fixed, and the "circumventing"
> (communicating with patches good for a company over 443) is accepted
> in a network (let it be corporate or personal), I do not see the problem
> and the reason to change the existing practices.

Closing down ports for security reasons can only be a short-term emergency measure. Doing it in general does not increase security in the medium term, since the Bad Guys are now using 443 anyway (like everybody else).

This whole blocking of ports caused a "port-80-fication" of net services which almost killed what ports were invented for in the first place: service discrimination. Now we have to use whole IPs for that discrimination (like the workaround proposed in this case) or put another addressing-layer into the HTTP content. Complete waste of time and energy in my opinion, because in the end security has not been increased.

So, although I fully understand the need for a workaround to keep work going, I fully support Thiago's recommendation to put pressure on the IT departments and managers in parallel.

Sven
