Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Hardcoded Database IP in ASP

from [PCSC Information Services] Network Security [Permanent Link]
Subject: Re: Hardcoded Database IP in ASP
Date: Tue, 19 Sep 2006 19:55:38 -0400 
Hi Darryl,

Have you considered having the DB server use a non-routable protocol that is available only on your internal network? Given that many databases can operate in many different protocol/network environments, you might consider it advantageous to limit all connections to it to internally authenticated machines only (i.e. the machines authenticate using a mechanism that is only available for internal connections) This might be a good way to secure your dbs and db servers. If this database is very sensitive (i.e. personally identifiable metrics) having a separate connection might prove most efficacious in your efforts to secure this data.
I understand that .asp has more than one connection method so this shouldn't prove beyond your scope.

Sincerely,

Sean Swayze
PCSInformation Services
info@pcsage.biz



On 14-Sep-06, at 2:28 PM, Darryl Stevens wrote:

Hello fellow Security Guru's.

I've been on the distro from sometime and gaining a lot of insight into various security issues.

Question: I have ASP script that points to a backend database residing on seperate physical server. Is there any known way of getting around using a hard-coded IP address to point to the database? Would utilizing the OS hosts file serve my purposes of and satisfy secure code practices? Thanks guys.

Darryl



---------------------------------------------------------------------- ---
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using manual processes, or by using automated systems and tools. Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx? id=701500000008Vmm
---------------------------------------------------------------------- ----



-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Anybody got a licenced copy of Acunetix, Centric or other Web App Scans?, Dinis Cruz
Next by Date:  Re: Comparison report on web app security scanners now translated to English, Roberto Tanara
Previous by Thread:  Re: Hardcoded Database IP in ASP, security
Next by Thread:  RE: Hardcoded Database IP in ASP, William Woodhams
Indexes:  [Date] [Thread] [Top] [All Lists]