From: Rutger V. <rut...@gm...> - 2014-10-24 08:19:18
> Mostly ditto. However, TreeBASE still stores passwords in the clear, which
> is a major security flaw and vulnerability. There may be others waiting to
> be discovered. The code, to the extent I know, has never been
> security-audited. There is currently apparently zero funding for code
> maintenance, and so time will only reveal more security issues, not less,
> including issues caused by reliance on end-of-support versions of Java,
> Tomcat, etc.

Mmmm... yes, we never did get around to hashing the passwords, did we? I think I will have to discuss this with them because they are quite big on practicing due diligence on stuff like this.

> - testing, i.e. do bug fixes and enhancements work as intended on the
> staging server (presumably this is shared, e.g. they deploy, others test &
> verify)
>
> Congruent with NESCent hosting, except that we redeploy staging and
> testing automatically upon commits.

Is this Jenkins? I expect the ICT dept will just want to copy this setup.

> - system/db administration, i.e. checking performance and tuning it (to
> the extent that this doesn't involve code modifications they would do this)
>
> Again, this would be congruent with NESCent hosting.

Cool, thanks!

Rutger