> > Pekka Savola wrote
> > You take one approach and disregard all the others.
>
> I don't. I just say that in this scenario site-local address helps. What
> if the hacker knows the backdoor because he installed it himself and
> cannot compromise the web server? Your argument is irrelevant.
>
> > Security is about finding the weakest links and strengthening them.
> > You just looked at only one of them here..
>
> Security is about plugging holes. There are hundreds to plug. Saying
> that plugging a hole is useless because some other holes might be open
> is the best way to get hacked.

Michael,

I am no security wizard. However, it seems to me that you are suggesting that site-local addresses add a small amount of security because there's no way to connect directly from the attacker's machine to the database machine. However, if the Web server has been compromised (which is a very reasonable proposition based on recent events), it seems just as easy for the attacker to mount his attack by first ssh'ing to the Web server, and then attacking the database server from there.

I welcome your corrections if I have missed something.

Thanks,
-jj

--
Users of C++ should consider hanging themselves rather than shooting their legs off--it's best not to use C++ simply as a better C.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
