And if you can afford it for your project get a good highend firewall that inspects the requests prior to allowing them through. And a good IDS system of some sort, preferably one that'll work with your firewall or that will at least send out alerts.
--mikej -=----- mike jackson [EMAIL PROTECTED] -----Original Message----- From: Sullivan, Mark E [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 12:07 PM To: 'Tomcat Users List' Subject: RE: Site Security Issue Nothing out there is going to defeat a very skilled and determined hacker, but SSL will defeat most of them. Of course that only protects your http traffic. You should also use a firewall to block access to the rest of the server ports. Your web site is only as secure as the server it's running on, so make sure it isn't running any insecure services like telnet, ftp, etc... -----Original Message----- From: Chris Shen [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 1:20 PM To: Tomcat Users List Subject: Site Security Issue dear fellow developers, i've got a question for you guys...i've got a auth system that distributes keys to users once they are authenticated. users can then use that key as a ticket to get services. now, my question is what do most of you guys do to make your site more secure? i.e. what would you do to keep that cookie safe from hackers as it's being passed back and fourth through the web? our main concerns are trojan horses and packet sniffing. we are thinking about doing an IP check and perhaps setting up SSL? does anyone have any ideas/opinions on this? thanks! Chris -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
