Wow, not to be a mean guy or anything, but if you are asking these types
of questions within an hour of your deadline, you may not be the right
person to do this... Security is not something that you should 'try', it
needs to be done properly to protect you and your customers' assets.
Once they have data stolen, it's gone. I would look around and see if
someone locally can consult with you, spending a few hundred dollars to
have their input on the front end may save you a ton of problems later.

Chris Peterson

-----Original Message-----
From: Dominic Watson [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 15, 2008 7:59 AM
To: CF-Talk
Subject: Re: SOT: Data protection

Ok thank you. I need to get this proposal out in the next hour so it's a bit
late for the book! The threats I need to be aware of then are internet based
attacks on the login system and database right?

I'm wondering, as the site and business is small and not a major public
target (won't be indexed by search engines), is having a login system and
ensuring code uses cfqueryparam, etc enough or do you think the site should
be on SSL? It is a site used for the company to manage their sales enquiries,
follow ups and bookings - standard fare.

Personally, I think a good login system is enough but if it's the law to put
such things on SSL then so be it!

Again, thank you

Dominic


On 15/01/2008, Tom Chiverton <[EMAIL PROTECTED]> wrote:
>
> On Tuesday 15 Jan 2008, Dominic Watson wrote:
> > stores contact details of their employees. Does anyone have experience of
> > this and know what I need to take into consideration?
>
> You need to identify all the threats against the system, which you will
> attempt to mitigate (i.e. is it your job to protect against a government
> funded attempt to directly enter the building and walk out with it?), and
> how you will do so.
> Googling for 'threat profile' and 'threat assessment' should get you
> started.
> Then buy Schneider's book :-)
>
> --
> Tom Chiverton
> Helping to evangelistically e-enable ubiquitous relationships
> on: http://thefalken.livejournal.com



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:296606