Comments on: The Next Managed Services Battleground: APIs http://www.mspmentor.net/2008/03/12/the-next-managed-services-battleground-apis/ Managed Services & Cloud Services Blog for VARs & MSPs Tue, 14 Feb 2012 18:25:29 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Joe Panettieri http://www.mspmentor.net/2008/03/12/the-next-managed-services-battleground-apis/comment-page-1/#comment-3229 Joe Panettieri Thu, 13 Mar 2008 03:07:57 +0000 http://www.mspmentor.net/2008/03/12/the-next-managed-services-battleground-apis/#comment-3229 Digital Edge: Yes, anybody can "call" public APIs. But through open source and open standards, the programming masses also are free to closely examine code for security holes. And those same programmers can close the holes -- instead of waiting for a proprietary software company to discover and find the holes on its own time and schedule. So far, the open collaboration and inspection of software APIs seems to be ensuring relatively secure code. I am not suggesting that Linux is inherently more secure than Windows. But I do believe open APIs -- where everyone has complete access to them -- is a stronger model than a closed-source model, where only a select few folks have a complete view of the code. Hopefully, MSP platform providers will fully document and publish their APIs -- empowering partners to plug into their systems far more easily. Digital Edge: Yes, anybody can “call” public APIs. But through open source and open standards, the programming masses also are free to closely examine code for security holes. And those same programmers can close the holes — instead of waiting for a proprietary software company to discover and find the holes on its own time and schedule.

So far, the open collaboration and inspection of software APIs seems to be ensuring relatively secure code. I am not suggesting that Linux is inherently more secure than Windows. But I do believe open APIs — where everyone has complete access to them — is a stronger model than a closed-source model, where only a select few folks have a complete view of the code.

Hopefully, MSP platform providers will fully document and publish their APIs — empowering partners to plug into their systems far more easily.

]]> By: Digital Edge http://www.mspmentor.net/2008/03/12/the-next-managed-services-battleground-apis/comment-page-1/#comment-3228 Digital Edge Thu, 13 Mar 2008 02:56:25 +0000 http://www.mspmentor.net/2008/03/12/the-next-managed-services-battleground-apis/#comment-3228 Both, Wintel and Unix based platform was trying to create a mechanism for inter-platform or inter-system communication such as DCOM, Corba etc. Internet based services communicating over SOAP protocol allows real integration of heterogeneous systems. It is easy to publish data from mainfraim over web service and pick it up in windows environment. This is the future. Consider this, spiral evolution moved us from centralized processing and thin clients on mainfraims to de-centralized client-server and now we have centralization trend again. Look at NetSuite – centralized catalog with SOAP based APIs. This is just one in thousands examples of today processing. There is only one big problem. If those interfaces (API) published on the public Internet, then technically anyone legitimately can call them. Sure some of them will require authentication but modern hacking technique allows smart penetration such as cross site scripting or injections. The more public APIs are developed, the more possible publically exposed security holes, the more hacking attempts security companies will have to address. I showed a few examples when through simple zip code lookup API I could pull out the whole database. Another example was when injected code could replace customer’s CC processing form with hacker’s form that was collecting and submitting CCs to hacker. So buckle up… Both, Wintel and Unix based platform was trying to create a mechanism for inter-platform or inter-system communication such as DCOM, Corba etc. Internet based services communicating over SOAP protocol allows real integration of heterogeneous systems. It is easy to publish data from mainfraim over web service and pick it up in windows environment. This is the future.
Consider this, spiral evolution moved us from centralized processing and thin clients on mainfraims to de-centralized client-server and now we have centralization trend again. Look at NetSuite – centralized catalog with SOAP based APIs. This is just one in thousands examples of today processing.
There is only one big problem. If those interfaces (API) published on the public Internet, then technically anyone legitimately can call them. Sure some of them will require authentication but modern hacking technique allows smart penetration such as cross site scripting or injections.
The more public APIs are developed, the more possible publically exposed security holes, the more hacking attempts security companies will have to address. I showed a few examples when through simple zip code lookup API I could pull out the whole database. Another example was when injected code could replace customer’s CC processing form with hacker’s form that was collecting and submitting CCs to hacker.
So buckle up…

]]> By: Elliot http://www.mspmentor.net/2008/03/12/the-next-managed-services-battleground-apis/comment-page-1/#comment-3213 Elliot Wed, 12 Mar 2008 18:28:42 +0000 http://www.mspmentor.net/2008/03/12/the-next-managed-services-battleground-apis/#comment-3213 This is absolutely dead on. And Kaseya has first mover advantage with its APIs. This is absolutely dead on. And Kaseya has first mover advantage with its APIs.

]]>