Network Security: Detailed info on Re: ISA Server and SQL Injection

Subject:	Re: ISA Server and SQL Injection
Date:	Wed, 23 Feb 2005 15:52:21 +0000

Subject:

Re: ISA Server and SQL Injection

Date:

Wed, 23 Feb 2005 15:52:21 +0000

Mark,

From your tone I get the impression you've had enough discussing this! I'll be as brief as possible :-)

I think what we're actually disagreeing about is the meaning of "firewall". You're considering the practical meaning, i.e. a TCP/IP filtering device. I'm considering the logical meaning, i.e. a device that filters an interface based on rules. I think that answers your concerns of this being "architecturally wrong".

As for you saying "No I am saying build secure software", the essence of the meaning is the same as "just get the code right". The attitude behind both these statements is "we must get it right". What if, instead, the attitude was "we must account for the fact that sometimes we get it wrong"? If you take this onboard, many imperfect protections start to look more attractive.

All the best,

Paul

--
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk

<Prev in Thread]	Current Thread	[Next in Thread>
RE: ISA Server and SQL Injection, (continued) RE: ISA Server and SQL Injection, Mark Curphey Solutions, Results, and Comments - Was [ISA Server and SQL Injection], Jeremiah Grossman Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection], David Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection], Jeremiah Grossman storing SSNs, CCNs, password in the DB, Francesco Re: storing SSNs, CCNs, password in the DB, Adam Shostack Re: storing SSNs, CCNs, password in the DB, Francesco Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection], Jeff Williams Re: ISA Server and SQL Injection, Paul Johnston RE: ISA Server and SQL Injection, Mark Curphey Re: ISA Server and SQL Injection, Paul Johnston <= RE: ISA Server and SQL Injection, Mark Curphey Re: ISA Server and SQL Injection, Paul Johnston Re: ISA Server and SQL Injection, Stephen de Vries Object Caching with IE 6 XP SP2, Don Tuer Copying files from one server to another., Eric Boughner Re: Copying files from one server to another., Michael Sztachanski RE: Copying files from one server to another., dave kleiman Re: Copying files from one server to another., David

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Filtering by client IP address for Web App Sessions, Evans, Arian
Next by Date:	RE: ISA Server and SQL Injection, Mark Curphey
Previous by Thread:	RE: ISA Server and SQL Injection, Mark Curphey
Next by Thread:	RE: ISA Server and SQL Injection, Mark Curphey
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Filtering by client IP address for Web App Sessions, Evans, Arian

Next by Date:

RE: ISA Server and SQL Injection, Mark Curphey

Previous by Thread:

RE: ISA Server and SQL Injection, Mark Curphey

Next by Thread:

RE: ISA Server and SQL Injection, Mark Curphey

Indexes:

[Date] [Thread] [Top] [All Lists]