Why do developers tend to forget about people behind proxy servers ?

I know this is a very common issue.

I keep finding way too many software that claim to interact with Web 2.0 sites or services, and connect here or there…. still forgetting one basic simple rule, that is: letting people use a proxy.

Most programmers for some reasons just assume that since they are directly connected to the internet, everybody is. Which isn't always the case. Most companies have proxies and will only let you out to port 80 – by using their proxy.

…which in turn is one of the reasons why most applications now "talk" and tunnel whatever application protocol on top of HTTP… still a lot of softwares simply "forget" or don't care proving a simple checkbox "use proxy", which will translate in two or three extra lines of code… three lines which I personally usually include in my projects, when I am not even a *developer*!! (but that might explain why I *think* of it… I come from a security and networking background :-))

I thought of writing this post after having read this post by Saqib Ullah.

Anyway. I keep finding this thing over and over again. Both in simple, hobbyist, sample and/or in complex, big, expensive enterprise software. Last time I got pissed off about a piece of code missing this feature was some days ago when testing http://www.codeplex.com/FacebookToolkit. The previous time was during Windows Vista beta-testing (I had found a similar issue in beta2, and had it fixed for RC1.)

Actually, I am being polite saying it is "missing a feature". To be honest I think missing this "feature" would have to be considered a bug: every piece of software using HTTP *should* include the possibility to pass thorugh proxy (also, don't forget about  AUTHENTICATED proxies), or the purpose of using HTTP in the first place is defeated!!

Developers!!! You have to remember people ARE behind proxies !!!!!

One thought on “Why do developers tend to forget about people behind proxy servers ?

  • August 15, 2007 at 12:38 pm

    I most definitively agree with this point. There are even too much developers around the issue, imho, is that they are just developers. Not analysts. They tend to develop personal-use software with no regard to the Corporate environments… what about the "proprietary" protocols? Let's say file transfer or other mess? People used to criticize my choice to develop a program for remote backup of data files where I decided to use FTP/FTPs protocol for the data transfer instead of a propertary one or even rsync. Result? Their specs says "enable your firewall", open this and that port, allow the server to contact your LAN… umm… where the heck is the security principle?! lol enjoy IT (sorry buddy, I read this blog after a couple of days, hadn't time to read it earlier :p)

Comments are closed.

%d bloggers like this: