is to make sure there aren't any holes.
IMHO, security should be blindingly simple. Only by doing that can you make
sure you identify and test all the edge cases. You can stack layer upon
layer of security, but each layer should be simple and independent.
Not to say that it's always possible to keep is really simple, but the
simpler the better in my book.
Cheers,
barneyb
> -----Original Message-----
> From: Adrocknaphobia [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 9:49 AM
> To: CF-Talk
> Subject: Re: Securing CF Apps.
>
> no one ever claimed that security is simple. a generalization
> would be that the more complex security is, the harder it is to crack.
>
> -adam
>
> > -----Original Message-----
> > From: Tim Blair [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 23, 2004 05:19 PM
> > To: 'CF-Talk'
> > Subject: RE: Securing CF Apps.
> >
> > > > As for using the security of your DB instead of application-
> > > > based security - in my opinion this is possibly *less* secure -
> > > > it means that anyone with a login for your webapp automatically
> > > > has a direct login for your database server!
> > >
> > > Which is of course set up to only allow connections from the
> > > web server, regardless of the credentials offered. Layer
> > > after layer after layer :-)
> >
> > And has no external network access except through the DMZ
> that the CF
> > server is sitting in, behind the firewall that... Oh, no, I'll stop
> > there I think. ;)
> >
> > Tim.
> >
> > --
> > -------------------------------------------------------
> > <CF_CodingContest mode="judging" newentries="false">
> > Maze Solver - http://tech.badpen.com/cfcontest/
> > -------------------------------------------------------
> > RAWNET LTD - Internet, New Media and ebusiness Gurus.
> > WE'VE MOVED - for our new address, please visit our
> > website at http://www.rawnet.com/ or call us any time
> > on 0800 294 24 24.
> > -------------------------------------------------------
> > This message may contain information which is legally
> > privileged and/or confidential. If you are not the
> > intended recipient, you are hereby notified that any
> > unauthorised disclosure, copying, distribution or use
> > of this information is strictly prohibited. Such
> > notification notwithstanding, any comments, opinions,
> > information or conclusions expressed in this message
> > are those of the originator, not of rawnet limited,
> > unless otherwise explicitly and independently indicated
> > by an authorised representative of rawnet limited.
> >
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
