Oh yeah, I left out: a decent firewall, a properly configured DMZ /
zones / network, maybe an IDS (www.Snort.org is cool), and decent
passwords.....

Looking at the CFMX server alone then (i.e. without your code...):

        Disable / remove RDS,
        Run it under a user account which only has the needed permissions.
        Apply all patches.

Also, think of CFMX as a Java application; it is. I've been meaning to check
out the J2EE/Java version of "Hacking Exposed". Anyone read it?
http://www.amazon.co.uk/exec/obidos/ASIN/0072225653/ref=sr_aps_books_1_1/026-9749361-5814842

Also, CFMX contains versions of the following:

AXIS
Verity
J-Integra
log4j
etc. etc.
and of course JRun (or whatever Java container) + JDK issues

So any issues that apply to these may apply to CFMX.

regards

WG


-----Original Message-----
From: webguy [mailto:[EMAIL PROTECTED]
Sent: 30 June 2003 17:58
To: CF-Talk
Subject: RE: Questions about security


Secure Windows - get the O'Reilly book
                        http://www.oreilly.com/catalog/securwinserv/
                        http://www.microsoft.com/security/

Secure IIS - http://www.iisfaq.com/default.aspx?view=P142

Secure SQL Server - http://www.sqlsecurity.com/DesktopDefault.aspx
Use database roles etc.

Secure CFMX - http://www.macromedia.com/devnet/security/security_zone/

Secure your application. e.g. http://secinf.net/websecurity/
CF specific - http://www.macromedia.com/support/coldfusion/technotes.html

[short list]

Possibly encrypt your data, or build a write-only database table. For
example, you will probably never need to show a credit card number on a
website (maybe some of it - the last 5 digits), but you will need to use it on
a back end. Use a different database role to read it.

WG
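One way to lay out the "write-only table, separate role to read it" idea on SQL Server, as an added example rather than anything from the post. Table, role and login names are assumed, and the syntax is SQL Server 2012 or later (CREATE ROLE / ALTER ROLE), not the sp_addrole procedures of the 2000-era server the thread is about.

```sql
-- Assumed names: dbo.MemberCard, role web_writer (the role the CF datasource
-- login belongs to) and role backoffice_reader (used only by the back-end job).
CREATE TABLE dbo.MemberCard (
    MemberId    INT          NOT NULL,
    CardNumber  VARCHAR(19)  NOT NULL,   -- encrypt at rest in practice
    CreatedAt   DATETIME     NOT NULL DEFAULT GETDATE()
);
GO

CREATE ROLE web_writer;
CREATE ROLE backoffice_reader;
GO

-- The web tier may INSERT but gets no SELECT, UPDATE or DELETE on the table,
-- so an injected query coming through the website cannot read stored numbers.
GRANT INSERT ON dbo.MemberCard TO web_writer;
DENY  SELECT, UPDATE, DELETE ON dbo.MemberCard TO web_writer;

-- Only the back-end role reads the full card number.
GRANT SELECT ON dbo.MemberCard TO backoffice_reader;
GO

-- If the site must display "some of it", expose a masked view instead of the
-- table. The view is owned by dbo like the table, so ownership chaining lets
-- web_writer read through it despite the DENY on the base table.
-- This view keeps the last four digits (an assumption; the post says five).
CREATE VIEW dbo.MemberCardMasked AS
SELECT MemberId,
       REPLICATE('*', LEN(CardNumber) - 4) + RIGHT(CardNumber, 4) AS CardNumberMasked,
       CreatedAt
FROM dbo.MemberCard;
GO
GRANT SELECT ON dbo.MemberCardMasked TO web_writer;
GO

-- Map the two database users to their roles (users assumed to exist already).
ALTER ROLE web_writer        ADD MEMBER cf_app_user;
ALTER ROLE backoffice_reader ADD MEMBER batch_user;
GO
```

Verify the split by connecting as cf_app_user: INSERT into dbo.MemberCard and SELECT from dbo.MemberCardMasked should succeed, while SELECT from dbo.MemberCard should fail with a permission error.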



-----Original Message-----
From: Eric Creese [mailto:[EMAIL PROTECTED]
Sent: 30 June 2003 17:35
To: CF-Talk
Subject: Questions about security


I have some questions about CFMX security: loopholes, pitfalls and
configuration.

I have two Win2k clustered servers that will contain membership data that
will be stored in a SQL Server DB on a third server. I need to ensure that I
will not be hacked. Are there any particular configurations that are
recommended, or issues to know about?




