Web 2.0 "critical" to church, says Anglican CIO
Summary: Web 2.0 is critical to the Anglican church if it is to keep up with today's youth, according to the Sydney diocese's CIO.
Web 2.0 is critical to the Anglican church if it is to keep up with today's youth, according to the Sydney diocese's CIO.
"The church is investing heavily in Web 2.0 technologies," CIO George Lymbers told IDC's Directions 08 event yesterday in Sydney.
Lymbers said developing tools which automatically protect users' data is important, saying that today's youth don't understand how to use Web 2.0 tools in a security-conscious way. "We want to protect them, and in doing so protect the reputation of the church," he said.
Web 2.0 also helps with the spread of the churches holdings: "We have thousands and thousands of properties," he said, adding that the church uses Google maps to link into databases to keep track of them.
However, the expanse of the Sydney diocese — over 2,000 sites "spread all over the place" — makes implementation of Web 2.0 difficult according to Lymbers, who says the extent of collaboration between sites depends on how much organisations are willing to pay for a connection.
"Telcos drive me crazy," he said, adding that they always promise to help minimise costs but the organisation is "led down the garden path more often than not".
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Web 2 and Anglicans
It is really up to social and ethical leaders such as the Anglican Church to warrant and guarantee - no less than that - that the systems they are developing and using provide the necessary levels of privacy and security expected by church members and society. Dear Anglicans - just look at the OWASP web site for the dangers and unresolved security holes in Web 2! At a minimum servers MUST implement labelled security, yes - "Secure LINUX" with RedHat Enterprise LINUX 5, SUN Solaris 10 with "Enhanced Security" and others. This has to be the MINIMUM we can expect of such a Christian group - reasonable and caring protection of privacy with levels of system security regarded as being the "best of class" in the ICT sector.
Oh God..
How often does Bigpond or NineMSN get attacked and/or privacy breached? Both those sites run Windows and IIS.
Get the facts right...
So, it come down to the protection on the website code, not the server, as far as most SQL attacks go.
SQL Injection
Now - do you remember "Trusted Oracle" - even with SQL injection occurring at the client end imagine the possibility that a "profile" at the row/column level at the server end enabled a process to be labelled against a particular DB instance - all possible with a modern LSPP based OS/DB combination that gives this support against application failure particular an interpreted app - like an AJAX style scheme operating on a client PC.
That recognition of application code failure was what MULTICS was all about - at least at the higher file level. A modern "FMAC" labelled system - yes - not perfect - enables a better level of security to be created in database oriented systems, particularly where sensitive personal data may be involved..
and remember, no application can be any more secure than the libraries it calls and compiler/interpreter it is based upon or the OS structures that they all use.
OR - from a risk viewpoint - why choose an SQL structure at all for sensitive personal databases?
Much safer ways to go! A far more responsible approach.