> Makes sense. As a general rule, if you're following general best practices > (code modularity, separation of data > and views) it shouldn't contradict STIG guidelines, correct? Or, put in > another way, STIG wouldn't say "you have > put all of your information into various, independent tables (for security > reasons)" which would negate the purpose > of a relational database. > > STIG should be fairly common sense, correct?
Yes, for the most part. That said, I'd spend the couple of hours to read through all of the guidelines carefully. Most of these security guidelines are fairly vague, and are not really that testable as a result. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357912 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
