good advice, thanks Judah

> The best security practice that I try and follow that I think gets
> missed by a lot of people is a deceptively simple one: Don't store
> data that you don't need.
>
> It is tempting to grab ahold of the largest amount of data possible
> because you might need it for something in the future and you can't
> analyze what you don't have. But the security flipside of that is that
> you also can't steal what you don't have. So as part of your security
> audit, you should take a hard look at your data acquisition and
> retention policies.
>
> Do you need to store the plain text version of someone's social
> security number or birth date or can you store a hash of the value?
> Do you need to store a list of everything they have done on your site
> or could you keep, say, the last 6 months for operational purposes and
> then archive older data to another system that isn't connected to your
> web app?
>
> There are plenty of things you can do on a technical level to make it
> more difficult to access your data without authorization. But
> technical measures fail and that's just a fact of life. So start by
> minimizing your exposure should something fail and then go about
> hardening the application setup.
>
> Judah
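One way to put both of Judah's suggestions into code, as an added example that is not from the original thread (Python rather than CFML, chosen so it runs stand-alone; the pepper value, record layout and sample events are constructed assumptions). It goes one step beyond the post: a bare hash of a nine-digit SSN is brute-forceable from the hash alone, so the example keys the hash with a secret held outside the database.

```python
import hmac
import hashlib
from datetime import datetime, timedelta

# Constructed secret "pepper". Assumption: a real deployment loads this from
# configuration or a secrets manager and never stores it beside the data.
PEPPER = b"example-pepper-not-for-production"


def ssn_token(ssn: str, pepper: bytes = PEPPER) -> str:
    """Return a keyed hash (HMAC-SHA256) of an SSN instead of the plaintext.

    A plain SHA-256 of a 9-digit SSN adds little: there are only 10^9
    candidates, so anyone holding the table can recompute every value.
    Keying the hash with a secret kept outside the database means the
    table alone is not enough, while equality lookups still work.
    """
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return hmac.new(pepper, digits.encode(), hashlib.sha256).hexdigest()


def split_for_retention(events, now, keep_days=183):
    """Partition activity records into (keep, archive) by age.

    Records newer than keep_days (about 6 months) stay in the web app's
    database; older ones are returned separately so they can be moved to
    an archive system that is not reachable from the web application.
    """
    cutoff = now - timedelta(days=keep_days)
    keep = [e for e in events if e["ts"] >= cutoff]
    archive = [e for e in events if e["ts"] < cutoff]
    return keep, archive


# Constructed sample data for a stand-alone run.
NOW = datetime(2008, 1, 15)
SAMPLE_EVENTS = [
    {"user": 1, "action": "login", "ts": datetime(2008, 1, 10)},
    {"user": 1, "action": "purchase", "ts": datetime(2007, 9, 1)},
    {"user": 2, "action": "login", "ts": datetime(2007, 3, 20)},
]

if __name__ == "__main__":
    print(ssn_token("123-45-6789"))
    kept, archived = split_for_retention(SAMPLE_EVENTS, NOW)
    print(len(kept), "kept,", len(archived), "archived")
```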
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314186