basically our security entails a VPN between the database server and software server, firewalls, application firewalls, an SSL between the client machine and software server, and all of the usual CF security... however there are rules in some countries that medical data must be encrypted in the database, i agree that i cannot see the threat this directly targets!
>> > And don't forget the network traffic between the server and the DB. Which >> > can be encrypted using MS encryption libraries for a ... ahem ... small >> > fee. >> >> It doesn't cost anything (except your time) to set up an IPsec tunnel >> between two Windows machines. And SQL Server natively supports SSL/TLS >> as well. > >But more to the point, yes, that's another threat profile to consider. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >http://training.figleaf.com/ > >Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on >GSA Schedule, and provides the highest caliber vendor-authorized >instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343517 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
