Geesh!
I never said put up a webserver with active content and perl scripts and
walk away. If this were the case, of course there'd be security-related
issues to be concerned with...
Best Regards, Donald Kelloway
http://www.commodon.com
-----Original Message-----
From: Paul D. Robertson <[EMAIL PROTECTED]>
To: Don Kelloway <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; Peter da Silva
<[EMAIL PROTECTED]>
Date: Sunday, June 20, 1999 6:31 PM
Subject: Re: Why not NT?
>On Sun, 20 Jun 1999, Don Kelloway wrote:
>
>> If the firewall *only* allows the GET command through, there shouldn't be
>> anything to worry about. Right?
>
>Wrong.
>
>You have to worry about buffer overflows in server requests and commands,
>wayward or poorly written active server content such as .asp's and perl
>scripts, errors in the GET implementation, and the architecture not scaling
>when the Webidiot decides that database transactions absolutely have to
>happen to move the business forward, trojans on the server and the integrity
>of everyone posting content to the server.
>
>You've suddenly placed a large requirement to audit the Web server's
>software, manage code updates, test its functionality, and trust the
>administrators to always do the right thing. If the server stuff is
>contracted, it's probably worse yet. If it also contains confidential
>internal information, funner still.
>
>Publicly accessible machines are still best placed outside the firewall
>in the DMZ or off a separate interface on a service network.
>
>Paul
>-----------------------------------------------------------------------------
>Paul D. Robertson "My statements in this message are personal opinions
>[EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
>PSB#9280
>
>
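
An illustration of the point made in the quoted reply, added here and not part of the original thread: a rule that inspects only the HTTP method passes every GET, including the kinds of requests the reply lists as still needing attention on the server. The function names, the 2048-byte limit and the request lines are constructed assumptions for this sketch.

```python
# Added illustration, not code from the thread. All request lines are constructed.
MAX_REQUEST_LINE = 2048            # assumed limit; real servers differ
ACTIVE_SUFFIXES = (".asp", ".pl")  # the active content types named in the reply

def method_only_filter(request_line: str) -> bool:
    """The 'allow only GET' rule: checks the method and nothing else."""
    return request_line.split(" ", 1)[0] == "GET"

def review_get(request_line: str) -> list[str]:
    """Reasons a request that passed the GET-only rule still matters to the server."""
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        # Still reaches the server's GET parsing code.
        return ["malformed-request-line"]
    findings = []
    path, _, query = parts[1].partition("?")
    if len(request_line) > MAX_REQUEST_LINE:
        findings.append("oversized-request-line")   # input-length handling
    if path.lower().endswith(ACTIVE_SUFFIXES):
        findings.append("reaches-active-content")   # .asp / perl script runs
    if query:
        findings.append("caller-controlled-parameters")
    return findings

SAMPLES = [  # constructed sample request lines
    "GET /index.html HTTP/1.0",
    "GET /" + "A" * 4000 + " HTTP/1.0",
    "GET /scripts/search.asp?q=firewall HTTP/1.0",
    "GET /cgi-bin/report.pl HTTP/1.0",
    "GET  /index.html HTTP/1.0",   # doubled space
    "POST /form.asp HTTP/1.0",
]

def summarize(samples):
    """Pair each request with the filter verdict and any remaining findings."""
    return [(method_only_filter(s), review_get(s) if method_only_filter(s) else [])
            for s in samples]

if __name__ == "__main__":
    for line, (passed, findings) in zip(SAMPLES, summarize(SAMPLES)):
        shown = line if len(line) < 60 else line[:40] + "... (%d bytes)" % len(line)
        print("PASS" if passed else "DROP", shown, findings)
```

Only the POST is dropped by the method check; everything else is forwarded to the web server, which is why the server's software, content and patch level still have to be audited.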