I got a little more behind with the progress of ChannelXML than I had hoped due to the fact that I had forgot that I had a nephews BDay bash to attend. If there is anything in life I place higher than anything else its family so this will happen from time to time... actually, given that I have twenty-three nieces and nephews, a son, five sisters, a brother, a mom, a dad, and then another 20 some odd cousins to cap things off I'm surprised it doesnt happen more often. Fortunately or unfortunately as the case may be my cousins all live in Australia, otherwise I would literally be bouncing from one BDay bash to the next with very little time for anything else in life. This, of course is beside the point of this posting so lets get back on topic...
I'm sitting here continuing to move things around, trying to determine the best architecture for both the storage of content within Subversion and the indexing of this content and making it available via XPath/XQuery using the eXist XML database (as well as MSDE, or SQL Server 2005 Express as I guess its now going to be called -- but for the moment I am using eXist until I have finalized the architecture). One of the most important things that needs to be considered in developing this project is security. While it needs to be as easy as possible to allow access to data contained on your system that you consider public, or access to data that requires some sort of security measures, etc... it also needs to be extremely difficult if not (ideally) impossible for anyone to gain access to data that you dont want to be made public. In thinking through how best to do this it occured to me that if I were to install Virtual PC and create a bare bones install of XP Professional with IIS (5.1 is what ships with XP Pro, I think) I could make this my public server as well as a proxy server in which I would use to access the web myself. By doing so I could block all ports on my master XP install except for that in which I would use to access my proxy server and then only allow access to that port via the internal IP (using a DHCP server, probably via an internal router but by any other software means as well.) By then placing all of my public or semi-private information on this VirtualPC instance I have, in essence, created a system in which would be extremely difficult, if not impossible, for anyone to access my master XP install in which I would have all of my private information stored that I did not want to take any chance of the outside world gaining access to.
Now, I may not have thought this all the way through, but it does seem like this would add one extra layer of security that would make the end-user at *VERY LEAST* feel a bit more confident that the only information that can be seen from the outside world is the information they publish via a "Publish" folder that would be mapped to the virtual XP/IIS instance. If I wanted to publish something to the web, grab the document in which this informatiion is contained, drop it into the publish folder, and *WHAMO*, instant (and secure) publishing made simple.
The only problem with this idea is that at present time I would have to purchase a copy of VirtualPC at $129 and then purchase another copy of XP to install within this system just so I could get this added level of security. But what if the VirtualPC team were to get together with the WindowsXP team and create a package in which you were limited to just the one virtual install of which the XP team would provide a version of XP completely stripped down to nothing more than just enough to cleanly run a copy of IIS 5.1 -- making this combined package freely downloadable... you would have to, of course, have a verifiable install of XP that was properly licensed to gain access to this download which is something you are already doing with other products so that shouldnt be of any great concern... It would also open up the marketing doors for the Virtual PC team to add an "Expand" button to the system for those who wanted to install yet another instance of an OS. So this could almost be justified, cost-wise, by the extra "marketing" the Virtual PC product team would receive quite easily making this a profitable venture in and of itself. [UPDATE: In reality you wouldnt even have to "create" a version of XP/IIS 5.1 and make it part of the download... just create a script that copies the necessary files from the existing master install to the virtual instance so in essence all that would be required is an addendum to the existing XP license already in place]
Maybe I'm just thinking way to outloud here. But it just seems like something like this could solve a ton of security problems while also making way for the next generation of decentralized computing apps that are sure to be on their way given that fact that I know I'm not the only person on this planet who is thinking about and building these types of applications.
For what its worth, there you have it... its your to do with as you please but definitely something that seems worth consideration.
TrackBack URL for this entry:
http://www.xsltblog.com/xslt-blog-mt/mt-tb.cgi/790
Listed below are links to weblogs that reference Dear Microsoft Virtual PC Team, If any of you happen to read this, I have a request...:
» spirit airlines from spirit airlines
spirit airlines [Read More]
Tracked on February 26, 2006 06:25 PM
» airline tickets from
[Read More]
Tracked on March 27, 2006 09:32 AM
» taxforms from taxforms
taxforms [Read More]
Tracked on March 28, 2006 07:39 AM