[thelist] Website Database Security

Raymond Camden jedimaster at macromedia.com
Thu May 3 12:49:38 CDT 2001


Chris (and everyone) - I gave a presentation this February on web site
security. It wasn't "deep", i.e., it didn't cover network stuff like closing
ports and stuff, but it didn't cover web application mistakes, like not
checking url parameters, not encrypting cookies w/ special information, etc.
While not exactly about databases, it did have a few slides concerning how
URL hacks could attack your db. If you (or anyone else) wants a copy, let me
know.

Also, our site, www.allaire.com, has _numerous_ articles on security issues.
Of course, they are CF-centric, but many cover issues w/ IIS and general web
app security stuff. Check out the Security Zone. Actually, I think we _also_
have stuff on that "deep" crap as well.

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email   : jedimaster at macromedia.com
ICQ UIN : 3679482

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Chris Johnston
> Sent: Thursday, May 03, 2001 1:30 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] Website Database Security
>
>
> Hello,
>
> I am looking for articles and tutorials on how to properly secure
> a website.
> In particular, I am building several websites using ColdFusion and am
> looking for articles that center on protecting databases from malicious
> hackers.
>
> If anyone knows of any good articles please let me know.
>




