-adam
> -----Original Message-----
> From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 05:11 PM
> To: 'CF-Talk'
> Subject: Re: Securing CF Apps.
>
> Tim Blair wrote:
> >
> > As for using the security of your DB instead of application-based
> > security - in my opinion this is possibly *less* secure - it means that
> > anyone with a login for your webapp automatically has a direct login for
> > your database server!
>
> Which is of course set up to only allow connections from the web
> server, regardless of the credentials offered. Layer after layer
> after layer :-)
>
>
> > A few pointers I use when thinking about the security of CF web apps:
> >
> > 1. Make sure CF server is suitably locked down - e.g.:
>
> Compared to this, the rest is probably insignificant. The total
> number of compromised sites/servers based on weaknesses in the OS
> and webserver is probably a magnitude larger than the number of
> exploited sites/servers based on anything that can be influenced
> by CF code/setup.
>
> Jochem
>
> --
> I don't get it
> immigrants don't work
> and steal our jobs
> - Loesje
>
>
>

