Hi Christoph,

it isn't as easy as you try to handle it.

An application must conform to a decent level of security to be usable per se. If it offers insufficient security you can do whatever you want - it's quite unusable.

To illustrate it:

Windows with all of its backdoors is insecure. Therefore it can never be a reliable base for online business. Nevertheless, when your application is based on Windows (even an in-house application!) it is simply insufficient to double-check the application's internal security. You must do a lot more.

See the most trivial MS-Office hack:
Install a memory hook and you can forget every internal password security. It's a stupid implementation.

OTOH you can run a secure LAMP system. When you run an insecure application with it, the whole system becomes insecure.

OTRS is an online application. Therefore it must be secure in itself.

On 23.12.2009 08:25, Christoph Ohliger wrote:
Peter,

isn't that first of all a question for LAMP, modsecurity or whatever you
use to implement/protect? Of course the formal testing requirement of
OTRS may remain.

regards
Christoph

Peter Sharp wrote:

In order to put OTRS on the outside of our firewall, or let traffic
pass through to the OTRS system, they require it to be secure. Is
there any sort of formal testing or security documentation about the
security of OTRS 2.4.5 or other versions running on apache? Say
security vulnerabilities checked for by a third party
security-checking tool?

Thanks,

Peter



------------------------------------------------------------------------

---------------------------------------------------------------------
OTRS mailing list: dev - Webpage:http://otrs.org/
Archive:http://lists.otrs.org/pipermail/dev
To unsubscribe:http://lists.otrs.org/cgi-bin/listinfo/dev

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/





--
With kind regards

Dieter Ringhofer

Schönblick 9
74382 Neckarwestheim
Phone  +49 7133 97236
Fax    +49 7133 97237
Mobile +49 179 1003496
web    http://edv-ringhofer.de/
DE813829721
