> Whilst I don't know much about protecting source code from rogue
> developers / hackers, I would wonder if the expense of keeping
> databases of checksums against source code is really worthwhile?

Properly done, there is little expense to doing this using products like
Tripwire.

> I was listening to a DNR (www.dotnetrocks.com) podcast the other day
> on ASP.NET (just keeping up with what the evil empire is up to) and
> the guy there was saying the most frequent attacks on web applications
> are still SQL injection and cross-site scripting. I'd be more worried
> about securing against these types of threats than against any harm a
> developer could do.

Absolutely. However, there have historically been all sorts of web and
application server vulnerabilities that allow attackers to write code on the
application server itself, and filesystem checksums are an important tool
for ensuring this hasn't happened.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized 
instruction at our training centers in Washington DC, Atlanta, 
Chicago, Baltimore, Northern Virginia, or on-site at your location. 
Visit http://training.figleaf.com/ for more information!




CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting 
(www.cfxhosting.com).

CFCDev is supported by New Atlanta, makers of BlueDragon
http://www.newatlanta.com/products/bluedragon/index.cfm

An archive of the CFCDev list is available at 
www.mail-archive.com/[email protected]

