I recently touched base with Karen E. Klein, journalist for the LA Times and other notable publications, to talk about which pages are most important to include when building a Web site. Take a look at the short Q&A that ran in yesterday's edition of the L A Times.
One longstanding debate in development is whether application tools provide enough power to create applications with professional designs. Independent design contractor Maryjane Fox recently wrote about the topic, and gave her opinion on the capabilities of Alpha's design tools.
Alpha believes designers would like to use a single tool with all the strengths of different design tools available. We're not saying Alpha Five has absolutely everything designers need, but here's a Dreamweaver user who took a chance with Alpha Five.
As a contractor, Maryjane needed an application development solution that would save her company, Defiant PC, time and money, and produce a final product that left her clients satisfied.
Interested? Read on below, or take a look at the PDF version.
Customer Profile
Defiant PC, Paducah, Ky., specializes in graphic design and Internet/intranet application development. Founded in 2000, the company has launched nearly 400 Web sites for its predominantly B2B client base.
Location
Paducah, Ky.
Industries
Software and database development
Situation
Defiant PC had been using Web pages with CGI scripts to build commerce-enabled Web sites for clients. However, the browser-based administration interface produced a burdensome ordering management process for retrieval and manipulation of data. As a result, Defiant spent more time training clients in interfaces usage and data retrieval. Worse, Defiant's personnel often had to walk clients through the process, assuming the document management responsibility. Defiant's leadership had to redesign their Web sites as fully integrated e-commerce engines, with a true self-service interface for clients.
Solution
Seeking a better business process, the company sought a solution that could integrate the Internet and a desktop database. They sampled a number of products, and experimented with many programming languages, all of which were either too simple or to advanced for Defiant's needs. When the company discovered Alpha Five, the search ended. Using Alpha Five, Defiant's designers and developers rapidly created an integrated solution, complete with Web pages, back-end MySQL database, and reporting functions. The prototype site had all the desirable features that the previous script-based incarnation supported, plus added features that Alpha Five's fully integrated approach made possible. These included native MySQL connectivity, integrated user management, security, and reporting. Defiant PC created a clean management system that allows their clients to easily manage their site features, inventory, and orders. The company is now working with Alpha to create an advanced, all-in-one shopping cart system that fully integrates their e-commerce structure and eliminates unnecessary company work.
Benefits
The switch to Alpha Five helped Defiant PC expand their Internet development scope and incorporate far more than e-commerce services into their sites, including forums, blogs, and database-driven informational services. Alpha Five allows Defiant PC to complete processes that previously required tedious coding of Perl of PHP faster, easier, and more securely. The company slashed its database development time from three weeks to less than three days. It also dramatically reduced its Web site development from two months to two weeks. Native access to MySQL resulted in fully integrated self-service applications that don't require external scripting, perform faster, scale better, are more secure, and provide centralized storage with automated management reporting. Alpha Five's ease of use means every Defiant PC employee-including newcomers-can design, develop, and deploy Web applications in record time. Perhaps most important, Defiant's clients now have direct, access to all their e-commerce site features, with no technical training required. They can control, view, manipulate, and track inventory, orders, and data, which can be further analyzed through the built in reporting capabilities.
For More Information
Alpha Software, Inc.
781-229-4500
www.AlphaSoftware.com
Defiant PC
877-521-6392
http://www.defiantpc.com/
If you'd like to see your Alpha story showcased here, contact Kate Richie from Alpha's PR team at 610-642-8253 ext. 162, or KateR@GregoryFCA.com.
We thought it would be a great idea to talk to customers, and broadcast their interviews here as podcasts as a new form of a case study, in addition to the PDF versions we've been creating.
These podcasts are unscripted, unedited chats with customers and developers who use Alpha every day. Our goal is to give you unfiltered, real-world customer perspectives on the Alpha Five experience -- warts and all. (Of course, we think there aren't any warts, but customers sometimes think otherwise).
As usual, the best-laid plans often go awry. Our first interview was with Bill Terry, an independent software developer, and a former FileMaker user who has since moved to Alpha Five.
The interview process itself went well. Bill was a wonderful guest. Unfortunately, we had technical issues with the recording, and ended up with a rather shoddy audio file. It just wasn't listenable.
We were, however, able to get the interview transcribed. So here's our first "podcast," verbatim, without the audio, but with all the words (we did edit out the "ums" and pauses and whatnot).
We will certainly get the tech issues figured out, and you'll be able to tune in to full "customercasts" soon.
Alpha: So, let's get underway. First of all, I want to introduce you to the folks who are listening to this online, we're speaking with Bill Terry and, Bill, why don't you tell people who you are, what you do, and then we'll get into why you're here.
Bill: Well, I'm actually an on-my-own software development company. Years ago I got started with FileMaker and eventually moved over to Alpha, and I've done a lot of research on databases and finally decided that Alpha was the place I really wanted to be and did a tremendous amount of research on database applications.
Alpha: I want to just open this up by having you answer a simple question which is have you and I talked about any messaging points, we told you what to say, are you aware of our marketing plans or anything like that? And the reason I'm asking this is because we're doing this online, it's a podcast, it's going to be on the company blog, and I'm committed and the company is committed to transparency, but the last thing that we want to do with this podcast or any podcasts that we produce is put out baloney, and I just am asking everybody that we talk to on any of these conversations to tell the audience if any of this has been prepared or scripted or if you've been told what to say.
Bill: Nobody has scripted. It's just me talking to you and we're just talking about where I'm at and where I want to be.
Alpha: So let's talk about your history. How long ago did you get involved in application development?
Bill: It's actually been about ten years for me, so I've been doing this ongoing and I've looked at a lot of different products. I've looked at IBM, SQL Express, Oracle Express, and literally decided on Alpha as the product I wanted to work with.
Alpha: Has your focus been on databases?
Bill: Yes, absolutely.
Alpha: And talk about some of the applications that you've built over the years. What was the first database app that you built?
Bill: It was an inventory-type application. I did research on shareware and looked at what type of applications were out there, and I really found out that there's a lot of stuff out there that really isn't that good. And then I actually trained myself. What's really important to a user? It's important to have really good user-friendly interfaces, queries are very, very important, so in a lot of cases that's how I learned what's really important to the small business or medium-sized business.
Alpha: What did you build that first application in?
Bill: Actually, FileMaker was my learning tool. That was the tool I started out with.
Alpha: So what version was that? Do you remember?
Bill: I can't even remember it's going back so far. [ laugh ]
Alpha: It would have been -- what? -- in 1997? Thereabout?
Bill: Yes, yes, it's been quite as well.
Alpha: And first learning curve on that product?
Bill: Well, you can build an application fairly quickly. They do have limited scripting there and for a lot of people, that's all they want. But when you actually talk about real-world applications and you start getting into complex issues, that's when I really started to look for a different platform.
Alpha: So let's talk about that. What I'm hearing is you settled on FileMaker after '97, after that first experience, it was working for you. You started to make a living at this?
Bill: Not really at that time. I was just getting into database applications and really wanted to develop into at the expertise level, so it was just a learning curve for me.
Alpha: And so when did you realize this was a potential career?
Bill: Actually, after I got acquainted with Alpha Software, I figured out that with the Alpha platform I could develop applications very quickly, and from interfacing with small- to medium-sized businesses, you realize a lot of those businesses deal with budgets, and you have to be able to develop a product on time and within their cost range, so coming upon Alpha and the fact that I picked it up very quickly and I could generate a very complex application very quickly, and I knew from that point in time this could be a very nice lucrative career for me.
Alpha: So what were some of the roadblocks that you ran into that put you on a path to look for an alternative platform?
Bill: Well, some of the roadblocks are if you get into a project like, say, you're at the 90 percent completion level and you run into a roadblock where you can't really quickly develop the functionality or you have to depend on some third-party plugin, you know you're pretty much dead in the water. And one or two instances of that, you just pretty much throw your hands up and say, 'Listen, I have to do something different.' You know? So that's what happened to me.
Alpha: So you were really looking for something that you could invest your intellectual capital in, focus on the business logic that you had to deliver, the automation, the business process automation for want of a better term, to clients without having to have a concern that additional add-ons would be needed at various crossroads?
Bill: Oh, absolutely, and everything was there with Alpha and, when I went into the Alpha forums, I found developers very active in those forums, and that's what really sold me, because these are the guys out there trying to make a living doing this, and if they're in the forums, they're talking, they're discussing, if I present a question, it gets answered -- that pretty much sold me, you know, this is where I want to be. You know?
Alpha: So about when did you make the decision to go to Alpha and how painful was it. I mean, I'm assuming there had to be some pain to migrate over existing applications, or did you just start from scratch on the next job that you got?
Bill: I pretty much just rolled up my sleeves and dug into Alpha and started creating applications. I mean, that's just what you have to do, you know? Just learned every aspect of it. I bought quite a bit of training and read the books -- hands-on -- that's really what you have to do.
Alpha: And what were some of the applications that you started off with? What was the first commercial application that you delivered for a client that you built in Alpha?
Bill: I tried to specialize in warehousing and inventory with businesses.
Alpha: Do you have a background in that area?
Bill: No, I don't, but that's something that I just learned along the way. I found out that people are moving to the Web and it's becoming very important for businesses to deliver their information across the Web, so that's really my next focus.
Alpha: About when was this? What version of Alpha did you get started with?
Bill: I got started with Version Seven.
Alpha: Okay, so you are a recent convert.
Bill: Right, right.
Alpha: And looking at Version Seven, what would you say are the critical capabilities that you depend upon, that you take advantage of that really deliver value to your customers?
Bill: Well, the ability to develop custom applications, I mean, when you look at Alpha, they've got over 2,000 extensible functions, the action scripting you know, 200 action scripts a lot of that is just plug and play, so you can quickly develop the functionality that the customer is looking for and stay on budget - you know? - so that's really the key.
Alpha: In building these applications, are you - and there's no right or wrong answer here, again, we're just trying to get a sense of Bill Terry and his world and what advice you may have for listeners out there or what insight you can provide them - are you reusing application code? Are you building fresh applications to a fresh specification each time or is there commonality between these clients that you work with where you're able to leverage various pieces of application architecture that you've built in the past?
Bill: Well, certainly you try to utilize all the code that you've built in the past. I mean, that's really what you want to do. And there is commonality. I mean, these businesses are looking for user-friendly screens, after a while things kind of blend together and you figure, well, this really makes sense and it's in your mindset, so that is true.
Alpha: What about the need to customize and extend sort of the base application requirement? One of the things you talked about was your finding more demand among the people that you serve to run these things over the Web. Why do they want to run them on the Web? I mean, it seems to me - and I'm just playing devil's advocate here, Bill - but it seems to me that if I'm in a warehousing environment, I'm trying to manage items, inventory, and movement of those things, why do I even need to do that over the Web?
Bill: Well, let's face it. Small- and medium-sized businesses are running very lean today and they want the inventory to show up out there on the Web so their customers can look it up. They look up their own inventory and they place their own orders, so it's just a terrific cost savings for companies, you know?
Alpha: And what's the challenge for you? You're in Alpha Seven and I guess you've moved to Alpha Eight -- Alpha Five Version Eight. One of the things that was highly touted about that when the company rolled it out was the improved Web development capabilities. My understanding is that Seven did do Web but it didn't do it as well as Eight -- and, again, feel free to disagree with anything I'm saying, we're interested in your point of view, not some marketing line -- but my understanding is that Eight, there were a lot of improvements there and, in fact, there's even more improvements in Nine in realms that I'm not sure I'm allowed to talk about yet. But what's your experience with the difficulty of building an application that needs a database application that needs to run over the Web, let's say FileMaker versus Alpha Seven versus Alpha Eight?
Bill: Well, when you look at some of the other software out there, they want you to utilize THP, you know, XML. These are things that are difficult to use and actually result in a higher Cost Of Ownership versus Alpha which its components that you're actually plugging in, you're able to plug those components in and run with it, and that's just a tremendous cost savings as far as developmental costs.
Alpha: So what's your method? You have an application that you've built for John Doe, Inc. and the client comes to you and says, 'You know, I really want to do this over the Web.' Do I get in a cold sweat or do you have a path that you would follow to do that? I mean, how difficult is it? I can tell you that if I were an application I'm a VB developer, been a BASIC developer for since Microsoft BASIC 1.0 practically, and I really can't do it anymore because either my skill set hasn't scaled or VB has gotten too difficult to use, but if I have an application that I've built in VB, there's no easy way for me to put that application on the Web. I essentially have to re-architect it and, you know, maybe there are VB developers who are listening to this will tell me that I just don't know what I'm doing and I'll accept that, but what's the situation if you're an Alpha developer, Alpha Seven/Alpha Eight, and you have an established application - not something new - established application and you need to provide a Web interface. How would you go about that and how challenging is that going to be?
Bill: Well, essentially you start out with the tasks that are involved. What does this company want to do? And then you work your way to the tables, the indexes, the functions, and actually putting it out on the Web is not that difficult once you've done your homework and you have that baseline application. So it's really not that difficult.
Alpha: So you would remain within the Alpha Five Version Eight environment to do this?
Bill: Absolutely. I mean, it's a terrific product and nobody is paying me to say this, so ...
Alpha: So how would you take a form, let's say, that maybe provides a listening of inventory and expose that on the Web? What do you do? Do you build a new form? Do you Web-enable the old form? How would you go about that?
Bill: Well, you're looking for the fields that are important, the end user, what information do they want to present to the end user or their customers or whatever, and I just design what I want that to look like and go from there with the Web components, so ...
Alpha: So basically you would have the same database that you built and you're just leveraging that with new user interfaces, new presentation layer, that you would build with Alpha Five Web components.
Bill: Right, that's really the key in success of Alpha Software.
Alpha: And the same application server, is it able to handle the desktop users as well as the Web users?
Bill: Yes, you can have that on the same work station. It's just, it's right there, you know?
Alpha: One of the things that you've been interested in is providing some support and information for FileMaker users who want to move over to Alpha Five. One of the things that I'm told by the company is that they have seen a significant -- I'll use the word uptake -- in interest from FileMaker developers moving over to Alpha Five Version Eight since FileMaker has released their most recent version, and there's a whole bunch of reasons that we get into that the company speculates as to why, but the fact of the matter is there seems to be a ground swell of support from FileMaker developers wanting to switch.
Bill: Right.
Alpha: What's some advice that you can provide them that will help them make the move as painless as possible? First of all, clearly you think it's a good way to go because that's the way you went. What is your message to FileMaker developers?
Bill: Well, my message to them is try to contact somebody that can get them over that initial hump. I know in a lot of cases they feel like, 'Gee, I'm going to have to learn a whole new programming language and the learning curve is going to be steep,' and generally that's not the case. Anybody with average ability can pick up Alpha Software very quickly. But if you can connect with somebody that can help you out on some of the simple things and move on quickly, it's like the whole world opens up to them, so it's a nice way to go and I'm willing to offer that support, so ...
Alpha: So where would they go for that? We'll put out some contact information for you before we go off the air here. Where did you go? You mentioned the Alpha forums, you mentioned training materials. Give us some specifics. What did you take advantage of?
Bill: I took advantage of the Alpha forums. I actually contacted people out there and, believe it or not, they came forward and gave me a wealth of information, so it's out there. You just have to utilize it.
Alpha: So this would be the message boards that are on the AlphaSoftware.com Web site?
Bill: Right.
Alpha: And where can folks, how can folks find you, Bill?
Bill: I have a blog that I run. The URL is www.wcterry.typepad.com.
Alpha: And that would be www.wcterry.typepad.com.
Bill: Right, or they can e-mail me at wcterry@comcast.net.
Alpha: And that's wcterry@comcast.net.
Bill: That's correct.
Alpha: Well, I appreciate the time you've spent with us on the podcast today, and wish you good luck on all your future endeavors.
Bill: Well, thank you very much
Holiday Web traffic jumped 10 percent on Black Friday, according to market researcher Nielson Online. In one day, 21.2 million unique visitors shopped at over 120 representative online retailers. That's up from 19.2 million uniques last year.
E-tailing has been winning ever-larger slices of the commerce pie for over a decade. And yet, many companies (mostly small and mid-sized businesses) struggle to do business online. The reason is simple. Building and maintaining an e-commerce site is STILL a daunting technical challenge.
We decided to do something about it. Today we released a turnkey e-commerce system easy enough for any marketer to use. AlphaStore 2007 provides everything an organization needs to do business online.
Built on the Alpha Five database, Alpha Store 2007 is a ready-to-run online shop, complete with shopping cart, payment system, and full reporting. It's easily customized to market any products or services. You can get it for only $199.00 through December 7, after which the price jumps to $299.00.
For more information, visit our AlphaStore 2007 page, or take a look at the press release that hit the wire today.
A recurring question in the business world is how a company is supposed to develop, run, and maintain an efficient application system without an IT department. DisplayCraft Inc. decided to give Alpha Five a try.
Read on to learn about how Alpha Five helped them transform their business, or check out the full PDF version.
Customer Name DisplayCraft Inc.
Customer Profile DisplayCraft has manufactured and designed trade show exhibits since 1957. It is a $6 million company with 23 employees, located in Plainville, Conn. The company manages about 500 trade shows and events each year in the U.S. and abroad. DisplayCraft's innovative thinking and integrity of action result in the company's ultimate goal: genuine client satisfaction and trust.
Location Plainville, Conn.
Industries Manufacturer and designer of tradeshow displays.
Situation During the 1980s, DisplayCraft found they were going through a tremendous growth period, and suddenly needed a method to automate and manage their client's tradeshow schedules. The company hired a professional developer to create a system that would allow every employee to be in sync with client schedules and requirements in one database. Coding from scratch made building the database slow and tedious. After two years, the company still lacked a database that could fully address their needs. DisplayCraft tried other name-brand scheduling databases, but still needed an internal connection to the main system. Without digital reminders for actions and purchase orders, the system was disorganized and inefficient. DisplayCraft needed an application that would seamlessly tie together various forms necessary for employees to complete daily tasks.
Solution Then DisplayCraft found Alpha Software. Using Alpha Four, Carvalho produced the company's first integrated scheduling database in only 30 days. Completely satisfied with the results, they later transitioned to Alpha Five. Currently, Alpha Five is fully integrated into their system. DisplayCraft now has over 500,000 records of shows/events, schedules, clients, vendors, invoices and purchase orders in their database, created wholly with Alpha Five.
Benefits Alpha Five's code-writing tools boiled down complicated processes into simple procedures, saving DisplayCraft significant time and money. The company created a trade-show management database, which combines separate forms used for scheduling, projects, and accounts. It automatically checks project status, and updates account managers with job number requests. This new calendar makes retrieving information as simple as clicking a button. Alpha Five also gives the company the tools to make professional and effective Web forms. Just as important, the new database increases security by allowing only exclusive departments full access to the database.
For More Information Alpha Software
781-229-4500
www.AlphaSoftware.com
DisplayCraft Inc. 860-747-9110
www.DisplayCraft.com
If you're interested in having your Alpha story published, contact Kate Ritchie from Alpha's PR team at 610-642-8253 ext. 162, or KateR@GregoryFCA.com.
For developers, it seems like the more they can do with Alpha Five, the more they want to do. And with this desire comes the challenge of figuring out +how+ to do anything for the first time.
SQL is one such challenge. SQL opens the door to a universe of database back-ends, but it also stands as a barrier to developers who are accustomed to building native databases. Common beginner questions include, "How do I connect to a SQL data source?" and "How do I create a Web app that leverages a SQL database?"
We just posted a new tutorial video that deals with these topics. This video uses report generation to illustrate how to create the connection string, define the data you want to use, connection options (ADO, AlphaDAO, etc.), how to log in, what database to use, what table, what fields, etc.
Another covers questions regarding using Web applications with SQL data. You'll find the steps for connecting to the database are similar for Web components, imports, reporting, etc., because they all use the same interface.
Our complete tutorial library is located here. If you can't find the topic you're looking for, let me know.
I recently spoke with Adam Tobin, the Database Administrator and Application Developer for Florida Peninsula Insurance Company, who told me how Alpha Five helped his Florida insurance company manage its tens of thousands of customers every day.
Read on below, or check out the slick PDF layout.
Customer Profile
Florida Peninsula Insurance Company provides property insurance to Florida consumers. The company focuses on helping policyholders financially recover after natural disasters. Its seven-person management team has over 100 years of insurance industry experience.
Location
Sunrise, Fla.
Industries
Insurance
Situation
Florida Peninsula Insurance Company wanted to improve the management of tens of thousands of customers and their claims processed each year. It needed a rapid application development tool that would speed production of their claims management system. The company also worried about the level of security its current system offered for the constant flow of sensitive financial and personal information. To fix the problem, Florida Peninsula contracted a developer to create an application in PHP. But the application took several weeks to develop, and the result was primitive.
Solution
Searching for a better solution, Florida Peninsula found Alpha Software. The company hired an independent contractor to develop a system using Alpha Five. No one within Florida Peninsula had development experience with Alpha, so its developers were initially hesitant. But because of Alpha's short learning curve, the company was able to rapidly develop the SQL backend, without having to hire a DBA. In under two weeks, Florida Peninsula was developing new applications, and fine-tuning old ones using Alpha Five.
Benefits
Alpha Five offered Florida Peninsula a cost-effective solution for its data management needs. The company is now able to make significant maintenance improvements to their tens of thousands of policies daily, usually in under an hour. The company can also handle database administration, management, and development without struggling. Plus, the sophisticated claims system application helps Florida Peninsula rapidly transfer information from phone to form to database. All data travels through the interface in real-time, giving insurance claims adjusters access to information within minutes of a claim's filing. Moreover, the company completes all daily reporting online, and now manages its claims faster and more efficiently. The backend database also speeds claim payments -- a crucial feature when customers need immediate attention and help. In addition, Alpha's security framework gives Florida Peninsula the protection and peace of mind they need for handling customers' sensitive insurance information. The company is now so confident of Alpha Five's capabilities, it plans to implement a self-service application in Alpha Five that will enable customers to file claims online.
For More Information
Alpha Software, Inc.
781-229-4500
www.AlphaSoftware.com
Florida Peninsula Insurance
561-994-8366
www.FloridaPeninsula.com
The No. 1 question I'm asked is probably, "What's involved in building a Web database application?" I asked Jerry Brighbill here at Alpha if he would put together a video tutorial. Instead of one, I got three!
Web-based Contact Manager, Part 1
16 minutes
Web-based Contact Manager, Part 2
25 minutes
Adding PDF Reports to Web Applications
17 minutes
These tutorials feature native Alpha Five .dbf files, but the processes illustrated in them are no different when building against SQL, Access, Excel, or other data. If you'd like to connect to these types of sources, see the following tutorial, by our own Dave McCormick.
Connecting to Other Data Sources
8 minutes
Recently a FileMaker developer sent an e-mail to Alpha Software with his initial impressions of Alpha Five. He was looking for a better way to build attractive Web applications (because of the limited Web application abilities of FileMaker), and didn't think he could do it in Alpha Five.
The e-mail circulated around Alpha Software, eventually finding its way to me. I don't work for Alpha, but I am one of their VARs. I run a Web design firm (Defiant PC), and recently (over the summer) started using Alpha Five to build e-commerce and other sites for clients.
Someone at Alpha figured I'd be a good person for this skeptic to talk to, since I have used Alpha Five to build attractive desktop and Web database applications. I take my designs seriously (they are my career, after all).
I also have experience using popular Web design tools, including Dreamweaver, which I used to use exclusively.
Here's the e-mail that was sent to Alpha, and then to me.
"No question that Alpha Five has an impressive array of features, many that I wish FileMaker 9 had, but I don't see how anyone could make a professional looking application with it. While FileMaker 9 may not have all the features and capabilities of Alpha Five Version 8, it blows anything [away] you can design in Alpha Five.
I looked at all the templates that come with the program, and was not impressed. Then I looked under the hood at the design and programming mode. A lot of options, but not easy to figure out how to do it.
I will say I was impressed with all the options and functions that come with the program, but the lack of a professional design environment make it [a] no go for me. If you could take the superior design abilities of FileMaker 9 and combine that with the advanced features and functions of Alpha Five, then you'd really have something!"
"Until approximately June of this year, we (Defiant PC) had virtually no experience working with the Alpha software. We downloaded the software, poked around, and initially came to the same conclusion that you did. However, coming from a background that deals primarily with Internet development and graphic design, we decided that building an API for a form would be similar to building an API for a Web site.
Turns out building an API for a desktop application in Alpha Five Version 8 is a snap. Furthermore, having literally no experience with desktop RAD software, I found the learning curve was minimal, and since June, we have produced desktop and Web applications in Alpha Five Version 8 that have exceeded our expectations ... For me, it couldn't get any easier!"
In my debut post on the Alpha blog, I thought I'd share my thoughts on a recent Windows IT Pro article I came across, Microsoft Midmarket Server Gets a Name, Release Schedule.
Now, I understand that, between a journalist's deadline pressure and the usual press release gray zone, things can get a little confusing, but these two snippets from the article seem to be completely contradictory:
"The logistics, however, are somewhat daunting: To install Windows Essential Business Server, you'll need three or four 64-bit servers, depending on the version you purchase ..."
"A ... program manager [said] that the product is targeted at the businesses [that] typically have 25 to 250 PCs, 50 to 1000 employees, and 1 to 5 IT administrators."
I recently caught a BBC program about how undercover IRS officials convinced IRS Help Desk personnel to reset online account passwords for various taxpayer accounts, changing them to passwords that the undercover person suggested.
They were successful 50 percent of the time, despite presenting no legitimate proof they even worked for the IRS. Once they had the password, they had full access to the taxpayer's account.
Every week, news breaks about passwords or entire databases of personal information stolen or breached. As a Web application developer, I constantly deal with sensitive user information, and build systems that include password storage.
I've received databases from clients that contain passwords, user IDs, Social Security numbers, driver's licenses, and other highly sensitive information.
I've seen hundreds of user passwords, and most of them are obvious or silly -- such as the user's first name, or a variation of a common, four-letter word. And I'm willing to bet it's the same password they use for their bank account and other personal services.
My clients often ask me to make the password and user ID visible in the database, so their Help Desk can provide it to users. While I have yielded in the past, I now absolutely refuse to create a Web application with the password accessible to anybody other than the user. I tell the client the password is "owned" by the user, not the developer or the Web application client.
Alpha Five's new Security Framework makes enforcing this philosophy easy to accomplish. The user can be required to create a "complex" password at the outset. And the user has the ability to recover or reset the password.
The password is automatically encrypted in the database, so it's useless if the database is stolen. Help Desk personnel will never know the password. In fact, Alpha Five's Security Framework doesn't even have a function that allows you to view the password.
In addition to employing the new Security Framework in all my database work, I also uphold certain personal policies regarding Web application security. They are:
* Never send an e-mail that contains both the user ID and the password. Security Framework can help here, since it's only through the Framework that users can retrieve their password.
* When a user registers for a new online account, mandate a double opt-in process, whereby the Web application sends a confirmation e-mail to the would-be user. If they try to login prior to confirming their e-mail address, tell them to watch for the e-mail, and offer to send them a new one -- but don't let them in!
* Always provide a means for users to remove themselves from the online system, and completely remove their account if they do un-register (saving any history or business data as required by the client).
* Make everything automatic and confirmed by e-mail. No Help Desk person should be involved, unless the user loses their user ID. The user ID is most often their e-mail address. (Note that I currently don't allow users to recover user IDs online. I might change my position in the future, as the Security Framework offers secure methods to handle this.)
* Provide a local user database with non-security information as a mirror to the Security Framework table. The Help Desk staff can search that user list for any non-sensitive information. If a user calls and provides sufficient evidence, the Help Desk can give them or reset their user ID. They can also reset the password, but the Help Desk personnel should not be able to view the old password, and the user should be required to change their reset password when they next log in.
* When registering for a new account, require users to read a EULA (End-User License Agreement), and check a box confirming same beside the words "I have read and agree to abide by the Terms of Use." If you are a developer, require clients (or their lawyers) to write a EULA, which must include Terms of Use and Privacy Policies, and mandate their use. You can also provide EULA templates that clients can adapt.
* Be a conformist. From a security standpoint, do everything you can to make your applications behave like your bank or utility company -- often the most secure applications online.
To accomplish all of the above, you need to provide methods to keep this local user table in sync with the Security Framework.
To see all of these policies in action, visit this Web site.
I've noticed that many companies who have an "Application Development Environment" (aka, ADE -- trying to stay away from the toxic "IDE" thing here) are moving to using Eclipse as the base for their ADE.
Eclipse is no longer just a Java IDE. It is an IDE ADE shell into which you can plug just about anything, including Java, C/C++, PHP, Python, and so on.
The benefits are obvious. Eclipse provides all of the plumbing, and you just need to add your own stuff to create an (almost) entirely custom UI. You win by not having to develop and maintain that entire ADE shell.
Of course, the base of your UI has to be written in Java, but embed an XBasic interpreter in it, and you could write the rest of the UI, the guts, and the glory in XBasic.
So, for the sake of argument alone, if you had a large and complex code base for your ADE shell you could, with an initial major "hump" effort, move to an Eclipse-based platform, and reap many rewards down the road.
