[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [school-discuss] Web-based School Administration...
>> It is not web based. Its database (firebird - robust - powerful - free)
sits protected inside your firewall. I have yet to see a web based system
that adequately address the security problems of having your mission
critical data outside your firewall (even if it inside, a hole exists, it
has to). Is it possible to setup a secure system? Probably. See e-weeks open
hack competition, where experts secure an exposed database.
>> After reading the e-week competition, ask yourself if your school or any
school has or can afford that level of expertise, never mind some very
expensive databases. I have spent over 20 years in school data processing
and even in school districts with 100+ schools, I have never seen it.
I agree it is very challenging for a school tech administrator to properly
secure and maintain a web-based student administration system. If someone
hacks into our software, we get blamed anyway even if the local
administrator leaves things wide-open, so take responsibility for the
security up-front. We offer a service to our customers where we remotely
manage and maintain all equipment and provide off-site backups of all data.
We spec-out and buy the hardware, assess and fix their data-center network,
install the server, and lock it down, and pro-actively patch it and so far
we've been able to avoid all the worms, and we have never had a technical
As far as databases go, we use SQL Server, and I am very happy with it. Its
impressive to see 100k+ student districts and states running hundreds of
transactions per second. At times we have managed to push SQL Server to its
limits, and we have not been able to get that kind of output out of any of
the open source databases. At $2k per processor its kinda affordable, but
we would love to be able to drop all Microsoft products from our app. DB2
and Oracle are really the only other alternatives. We could embed Oracle in
our product for 5% of our license cost (but they block out odbc/jdbc access
to the db from everything except out app). DB2 doesn't have a
price-competitive model on servers of 2+ processors, but we are trying to
work with them to get a deal. What is the largest district you have scaled
firebird up to?
>> What does a web interface do for a developer? It gives him less interface
tools to work with. Anything a web interface can do (UI speaking) a regular
GUI can, but the reverse is not true. It adds complexity because it must
maintain a stateless connection and complexity means bugs. The only positive
advantage is that it is cross platform (at least potentially). Heck I use
Mozzilla, but I have to keep IE around because some web sites require it.
Most web interfaces are really crappy, and a webmaster with a graphics
degree makes a poor software engineer. Most people don't realize that a web
application does not have to be built like a web site. The challenge is to
design an effective GUI where users forget that they are using an html-based
application, and it rarely takes a full request/response for user
interaction. We have dynamic spreadsheet data editors, popup spellchecking,
pdf printed output via xsl:fo, keyboard shortcuts for navigation and
data-entry, and input validation on everything. Coding for browser and Mac
compatibility is more of an annoyance than a challenge.
An elegant implementation of a web interface can give you all the web
advantages, without the penalties.