Skip to main content
Thoughts from David Cornelius


I recently had a discussion with a fellow developer who sees a new feature in Delphi as opening a possible security hole in the application. The Welcome Page in Delphi 2005 and 2006 is an embedded web browser that views a local HTML file. This file has some JavaScript code that calls ActiveX objects to load Delphi projects and such, but mostly is a great collection of resources for the over-burdened programmer trying to remember where everything is. There are links to local help files and PDF documents, short-cuts to open a project, a quick way to get the latest updates from Borland, and links to many blog entries by Borland folk. I feel it's a great productivity enhancement and I look there first for news and updates.

So it was with great surprise to learn that not everyone likes this new feature. What's more, having a web browser embedded in an IDE was considered to be a major security hole. Now I do believe Internet Explorer (the browser plug-in used by Delphi in the Welcome page) has a lot of security issues, but as long as you practice due diligence in keeping your system safe and as long as you're browsing a local file that you can see and customize, how could this be a security hole?

He went on to say that he wants control of when to connect and when not to connect to the internet. Applications that needlessly add internet capabilities right into their interface are not only highly suspicious, but should be regarded in the same lot as bloatware.

I look at today's teens (my son's age) and am amazed at how "connected" they are, text-messaging a friend on their cell phones between classes and chatting online with people around the world in the middle of their games. They don't look things up in books anymore, all research starts with Google. I had to ground my son from the internet for a week and his friends wondered what happened to him (I haven't bought him a cell phone and nobody has his actual home phone number!). Many games now require the internet not just to register, but to play, and some business applications are heading that direction as well. These kids have no concept of what life was like before the internet and cell phones. They expect, embrace, and even require connectivity.

Similarly, today's programmer needs to be connected. Connected to documentation, discussion forums, updates, and support utilities. Programmers are increasingly faced with needing to know more languages, APIs, databases, interfaces, formats, and sometimes even platforms than in years past. In my opinion, a good development environment will provide the tools and links you need to get at whatever information you need as fast as possible--wherever it is. I see the Welcome page in D2005/6 as a good collection of resources that are easily available, really close to my working area, completely customizable, and are presented in a user-friendly web-browsing style that is becoming quite common-place.

But isn't the internet a dangerous place? Aren't programs that silently connect sending my private information out somewhere? Driving a car can also be dangerous! But I had to learn how to be as safe as possible because I live in a world where driving is necessary to provide for my family and get along socially. That means buying vehicles with a good safety rating, keeping the vehicle well maintained, the windows clean, and good tires on. I don't drive in places that are unsafe and I follow the rules (well, most of the time!).

Healthy skepticisim is good and helps keep my systems clean. For every new technology that exposes us to the internet, there's another one that helps watch over it. ZoneAlarm is a great application to help make sure nothing is coming in or going out that shouldn't be. WinPatrol also fills a great niche in that it keeps track of what IE plugins you have, what programs get launched at startup, and keeps a huge and constantly-growing database of all kinds of software to help you know what's really on your system. Anti-virus and anti-spyware programs are a must anymore. (Check out a monthly security newsletter that helps keep you abreast of many security issues and recommended software.)

Now, to be completely honest, we could've done our business and carried on life forever just fine with DOS. Why did we need Windows? Well, that's a whole 'nother discussion, but the fact remains that technology will not stop advancing and if we don't move with it, we're going to get left behind. Then again, maybe that's fine if we're in a dying market that doesn't care to move or if we're at the end of our career and are willing to leave the moving to the next person.