I don't work in IT, I'm probably the guy IT hates, the script kiddie A while back I created a little site that used PHP/Java that plugged coordinates of my company's offices from a basic SQL server table. It uses the Google maps API to let you search a location and then populate the closest geographical branch locations to whatever area was returned from the search. Accounting associates loved it.


Eventually it was realized that this was hosted on my own site and I was in quite a bit of trouble for this by my boss, not any network admin or anything. The reason according to her statement being:
1. It is a “Security breech to the companies sensitive data”.
2. An outside host could have the potential of an unwanted virus.

As for number one, the only data used is the exact same data available on our companies public web site.

Now for number two... I can't say it isn't possible. I've always been under the impression that you can get malware from any site. I just don't like that I'm being called on this as if it's something worse than the millions of useless unblocked sites their employees hit everyday. So my questions are:


What exactly are the risks with what I've done?

Is this worse than things like Imeem.com their employees hit everyday?

Am I wrong in my assumption, that calling me out and loading up my yearly mockery of an evaluation with bad remarks regarding this, is absurd?

If I am not wrong in being upset at this, do you know of any reference material I could use in my defense?

Personally I don't think you have done anything all that bad however it is up to your boss to decide what information is sensitive or not. If he says the addresses are sensitive and wants to reprimand or terminate you -- then the only avenue for recourse would be legal action against them.

You did send employees to another website outside of the company which could in theory have been distributing a virus but if it is was only a google maps API/site then that is a very low risk. Your boss obviously wants to push the issue so there is probably another reason he wants to make an example. I'm sure your employer has a network policy that bars site like Imeem.com but those aren't enforce too often -- but if you mention that he can probably pull up paperwork showing you that it is against company policy. More than likely it will be the same document he is slapping you with here.

You didn't do anything bad but you're probably still going to get screwed.

Ha, thanks for the reply.

That makes sense...it's not exactly pleasant but it makes sense.

So the lesson of the day? Technology bad. Helping people bad. Mindless drones surfing the web 3/4ths the day Good

This falls under "selective enforcement" of a company's network policy

I wish you good luck when you meet with your boss! Please mark this thread as solved if I have answered your question.