Re: WebDNA security

This WebDNA talk-list message is from

2004

It keeps the original formatting. numero = 58994
interpreted = N
texte = This article is Part I of a II part series that discusses web serversecurity. It separates the security issue into three main areas.1. The server offers services to the public it was not intended to offer. 2. The server keeps supposedly private data in publicly accessible areas. 3. The server trusts data from untrustworthy sources.http://www.devshed.com/c/a/Administration/Webserver-Security-Part-I/In addition to great information, the article offers links to resources tohelp secure your web server.Salvatore D'AnnaDotNetNuke Hosting-----Original Message-----From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf OfPatrick McCormickSent: Friday, August 06, 2004 8:31 AMTo: WebDNA TalkSubject: WebDNA securityI sat through a meeting with an IT department at an insurance company yesterday. The head of IT told the group that he had never heard of WebDNA and that it was "...a weird, third-party, add-on" and further, that he wouldn't even consider it for his web server because of all the publicity PHP has received for its security flaws.Yes, the stench of self-preservation is one of very few constants in business.One particular point that IT dude was trying to make is that simply running WebDNA on a machine exposes that machine to hacking. I'm wondering if anyone on the lise has had a security analysis done on a running copy of WebDNA, possibly by an organization specializing in security analysis.I think all of us recognize that the quality of our code has much more impact on security than simply running a copy of WebDNA. But, separating that code from the discussion, is there any information about the security pros and cons of WebDNA versus alternatives?Thanks,Pat McCormick-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/__________ NOD32 1.834 (20040804) Information __________This message was checked by NOD32 antivirus system.http://www.nod32.com-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: WebDNA security ( Patrick McCormick 2004)
Re: [OT] Security in general [Was] Re: WebDNA security ( Matthew A Perosi 2004)
Re: WebDNA security ( Bob Minor 2004)
Re: WebDNA security ( Larry Hewitt 2004)
Re: WebDNA security ( Patrick McCormick 2004)
Re: WebDNA security ( "Sal D'Anna" 2004)
Re: [OT] Security in general [Was] Re: WebDNA security ( "WebDna @ Inkblot Media" 2004)
Re: WebDNA security ( John Peacock 2004)
Re: WebDNA security ( Donovan Brooke 2004)
[OT] Security in general [Was] Re: WebDNA security ( Alan White 2004)
Re: WebDNA security ( Alan White 2004)
Re: WebDNA security ( John Peacock 2004)
WebDNA security ( Patrick McCormick 2004)

This article is Part I of a II part series that discusses web serversecurity. It separates the security issue into three main areas.1. The server offers services to the public it was not intended to offer. 2. The server keeps supposedly private data in publicly accessible areas. 3. The server trusts data from untrustworthy sources.http://www.devshed.com/c/a/Administration/Webserver-Security-Part-I/In addition to great information, the article offers links to resources tohelp secure your web server.Salvatore D'AnnaDotNetNuke Hosting-----Original Message-----From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf OfPatrick McCormickSent: Friday, August 06, 2004 8:31 AMTo: WebDNA TalkSubject: WebDNA securityI sat through a meeting with an IT department at an insurance company yesterday. The head of IT told the group that he had never heard of WebDNA and that it was "...a weird, third-party, add-on" and further, that he wouldn't even consider it for his web server because of all the publicity PHP has received for its security flaws.Yes, the stench of self-preservation is one of very few constants in business.One particular point that IT dude was trying to make is that simply running WebDNA on a machine exposes that machine to hacking. I'm wondering if anyone on the lise has had a security analysis done on a running copy of WebDNA, possibly by an organization specializing in security analysis.I think all of us recognize that the quality of our code has much more impact on security than simply running a copy of WebDNA. But, separating that code from the discussion, is there any information about the security pros and cons of WebDNA versus alternatives?Thanks,Pat McCormick-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/__________ NOD32 1.834 (20040804) Information __________This message was checked by NOD32 antivirus system.http://www.nod32.com-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ "Sal D'Anna"

DOWNLOAD WEBDNA NOW!

Re: WebDNA security

2004

Top Articles:

Related Readings: