[thelist] Website Database Security

Ron White ronwhite at members.evolt.org
Thu May 3 13:02:29 CDT 2001


I'm thinking the second "it didn't" was prolly a typo...

<snip 1>
I would love a copy. One question though, if it didn't cover closing ports
and the like and it didn't cover web application mistakes, what did it
cover?
</snip 1>
<snip 2>
Chris (and everyone) - I gave a presentation this February on web site
security. It wasn't "deep", ie, it didn't cover network stuff like closing
ports and stuff, but it didn't cover web application mistakes, like not
checking url parameters, not encrypting cookies w/ special information, etc.
While not exactly about databases, it did have a few slides concerning how
URL hacks could attack your db. If you (or anyone else) wants a copy, let me
know.
</snip 2>

Ron






More information about the thelist mailing list