This is one more thing.  There is of course a firewall (three or four
actually before you get to the db) and there is an IDS, and there is virus
protection software, and the OS is locked down and so on and so on.


We were not advocating doing away with basic security practices, just saying
take them to the next level.

--
Timothy Heald
Web Portfolio Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-----Original Message-----
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 9:36 AM
To: CF-Talk
Subject: Re: Securing CF Apps.

> Yes Matt. It is true that there is a DBA login to every database. Of
> course no one using the application has the role of DBA. So what is
> your point?
>
The point is the login is there and can be exploited. No matter how
much you lock down the schema, there is always one user account which
has full access. Therefore, I believe you are wasting your time trying
to lock down the schema in the case of a web application. It would be
much better to implement a stateful firewall in front of your database,
so it could be fully protected.

-Matt
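The stateful firewall Matt argues for, as an added illustration that is not part of the thread: an nftables ruleset on a Linux host sitting in front of the database, where only the web/CF application server may open new connections to the DB listener and everything else is logged and dropped. The addresses (192.0.2.10 for the application server, 192.0.2.20 for the management host) and the listener port (1433, assumed MS SQL Server) are placeholders to adapt.

```nftables
table inet dbfw {
    chain input {
        type filter hook input priority 0; policy drop;

        # Stateful part: replies to connections we already accepted flow back
        # without re-matching the rules below; broken state is dropped outright.
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Only the application server (assumed 192.0.2.10) may open a NEW
        # connection to the DB listener (assumed port 1433, MS SQL Server).
        # The DBA login still exists in the database, but nothing else on
        # the network can reach the listener to try it.
        ip saddr 192.0.2.10 tcp dport 1433 ct state new accept

        # DBA/administrative access to this host only from the management
        # host (assumed 192.0.2.20), never from the web tier.
        ip saddr 192.0.2.20 tcp dport 22 ct state new accept

        # Everything else, including any other source touching the DB port,
        # is rate-limited into the log and then dropped by the chain policy.
        limit rate 5/minute log prefix "dbfw-drop: "
    }
}
```

Load it with `nft -f` and watch for `dbfw-drop:` entries in the kernel log; a hit on the DB port from any address other than the application server is something the IDS and the schema lockdown alone would not have stopped.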