Software Via Web Browser, A Rant
Back when I first started in information technology (IT), many corporate users accessed their data via something called a 3270 emulator. This was usually software or occasionally hardware on a PC that communicated with a mainframe, and made the PC look to the mainframe like a dumb terminal.
This worked, but it was text-only, and when Windows came along, everybody wanted a Graphical User Interface (GUI, AKA, "point and click on the screen.") Thus was born client-server software. The interface was gooey, but it was a pain-in-the-ass to keep updating multiple software products on hundreds if not thousands of PCs. Then came the Internet, and the idea of getting your software via a web browser.
This sounds great, but there's a real problem. Specifically, the end user is using the same application (a browser) to access trusted internal sites and Happy-Harry's-Bait-Shop-and-Virusware.com. This was not a problem in the 3270 world - a terminal emulator could only talk to a trusted host. What's worse is that much of what makes browser-based software user-friendly is also an extremely good way to download a virus.
Microsoft's solution to this is to create various zones in their browsers, each of which can have designated sites and separate security levels, all of which can be set via Group Policy. All of this is nice, but God help you if the security settings get fracked up.
This worked, but it was text-only, and when Windows came along, everybody wanted a Graphical User Interface (GUI, AKA, "point and click on the screen.") Thus was born client-server software. The interface was gooey, but it was a pain-in-the-ass to keep updating multiple software products on hundreds if not thousands of PCs. Then came the Internet, and the idea of getting your software via a web browser.
This sounds great, but there's a real problem. Specifically, the end user is using the same application (a browser) to access trusted internal sites and Happy-Harry's-Bait-Shop-and-Virusware.com. This was not a problem in the 3270 world - a terminal emulator could only talk to a trusted host. What's worse is that much of what makes browser-based software user-friendly is also an extremely good way to download a virus.
Microsoft's solution to this is to create various zones in their browsers, each of which can have designated sites and separate security levels, all of which can be set via Group Policy. All of this is nice, but God help you if the security settings get fracked up.