[thelist] Website Database Security

Chris Johnston chris at completeimaging.com
Thu May 3 12:55:13 CDT 2001


I would love a copy. One question though, if it didn't cover closing ports
and the like and it didn't cover web application mistakes, what did it
cover?

Thanks.

Chris
chris at completeimaging.com



/-----Original Message-----
Chris (and everyone) - I gave a presentation this February on web site
security. It wasn't "deep", i.e., it didn't cover network stuff like closing
ports and stuff, but it didn't cover web application mistakes, like not
checking url parameters, not encrypting cookies w/ special information, etc.
While not exactly about databases, it did have a few slides concerning how
URL hacks could attack your db. If you (or anyone else) wants a copy, let me
know.

Also, our site, www.allaire.com, has _numerous_ articles on security issues.
Of course, they are CF-centric, but many cover issues w/ IIS and general web
app security stuff. Check out the Security Zone. Actually, I think we _also_
have stuff on that "deep" crap as well.

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email   : jedimaster at macromedia.com
ICQ UIN : 3679482

"My ally is the Force, and a powerful ally it is." - Yoda




