On Wednesday 24 November 2004 07:49, Richard wrote:
> Hi Quinton,

Can't really check, but the following guidelines are good:

-> Make sure your Tomcat user does not have admin privileges on the server. (Not sure how to do this on Windows, I am a Linux person.)
-> Make sure your web-application doesn't have any funny code that might get exploited by a proficient hacker (i.e. shell commands run as ROOT).
-> Add a blank index.html to each directory of your web-app; this prevents users from getting directory listings on your server.
-> Ensure that you don't give away too much information in your URL (using ? and & parameters). This can easily be prevented by implementing SSL and ensuring that the users have to log on first.

> How can you tell when your web-app is secure?
> Forgive me for asking too many questions, I'm just a newbie.

No problem. I understand. :)

> Thanks

Q

--
Quinton Delpeche
Internal Systems Developer
Softline VIP
Telephone: +27 12 420 7000
Direct: +27 12 420 7007
Facsimile: +27 12 420 7344
http://www.vippayroll.co.za/

For some reason, this fortune reminds everyone of Marvin Zelkowitz.
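
The first and third guidelines in the message above can be checked mechanically. The following is an added example, not part of the original email: the function names are hypothetical, the sample tree is constructed, and it assumes the web-app uses Tomcat's default welcome-file names.

```python
import os
import tempfile

# Assumptions: the web-app uses Tomcat's default welcome-file names, and
# WEB-INF / META-INF are skipped because a servlet container never serves them.
INDEX_NAMES = ("index.html", "index.htm", "index.jsp")
NOT_SERVED = {"WEB-INF", "META-INF"}


def dirs_without_index(webapp_root):
    """Return webapp-relative directories that contain no welcome file."""
    missing = []
    for current, subdirs, files in os.walk(webapp_root):
        # Skip WEB-INF/META-INF and fix the visiting order for stable output.
        subdirs[:] = sorted(d for d in subdirs if d not in NOT_SERVED)
        if not any(name in files for name in INDEX_NAMES):
            missing.append(os.path.relpath(current, webapp_root))
    return missing


def running_as_admin():
    """True when this process has uid 0 (POSIX); run it as the Tomcat account."""
    return hasattr(os, "geteuid") and os.geteuid() == 0


def build_sample_webapp(root):
    """Create a small constructed web-app tree for the demonstration."""
    layout = [
        "index.html",
        "images/logo.png",       # directory without an index file
        "docs/index.html",
        "docs/archive/old.txt",  # directory without an index file
        "WEB-INF/web.xml",       # not served, so ignored
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webapp(tmp)
        print("runs as admin:", running_as_admin())
        for d in dirs_without_index(tmp):
            print("no index file:", d)
```

Point `dirs_without_index` at a deployed web-app directory to list the places where a blank index.html is still missing.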
