Re: WebDNA security

This WebDNA talk-list message is from 2004. It keeps the original formatting.
numero = 59008
interpreted = N
texte = first response:

On Aug 6, 2004, at 10:53 AM, John Peacock wrote:

> Patrick McCormick wrote:
>
>> One particular point that he was trying to make is that simply
>> running WebDNA on a machine exposes that machine to hacking.
>
> The only truly secure computer is one that is unplugged and embedded
> in concrete (and even then, I'd demand a few feet of lead shielding to
> prevent cosmic rays from flipping bits). ;)
>
> All actively generated pages that accept _any_ input from the user can
> conceivably be hacked (or at least DOS'd). It sounds like this
> supposed IT executive was reacting more from the CYA impulse than any
> realistic security consideration. Had I been there, I would probably
> have flayed him alive (is he running any version of IIS, does he use
> any ASP, or other actively generated pages, etc.) and made him look
> like the PHB he is. PHP isn't really comparable to anything except
> the simple web scripting language it is.
>
> Sadly, WebDNA's market share is too small to interest any serious
> hackers (plus it is so easy to make it look like an ASP site and
> seriously mess with the ones who try). On the same basis, I doubt any
> security organization would be interested in doing a survey without a
> 5 figure payment...
>
> My 2 cents
>
> John
>
> --
> John Peacock
> Director of Information Research and Technology
> Rowman & Littlefield Publishing Group
> 4501 Forbes Boulevard
> Suite H
> Lanham, MD 20706
> 301-459-3366 x.5010
> fax 301-429-5748
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
>
> Web Archive of this list is at: http://webdna.smithmicro.com/
> -------------------------------------------------------------

Associated Messages, from the most recent to the oldest:

    
  1. Re: WebDNA security ( Patrick McCormick 2004)
  2. Re: [OT] Security in general [Was] Re: WebDNA security ( Matthew A Perosi 2004)
  3. Re: WebDNA security ( Bob Minor 2004)
  4. Re: WebDNA security ( Larry Hewitt 2004)
  5. Re: WebDNA security ( Patrick McCormick 2004)
  6. Re: WebDNA security ( "Sal D'Anna" 2004)
  7. Re: [OT] Security in general [Was] Re: WebDNA security ( "WebDna @ Inkblot Media" 2004)
  8. Re: WebDNA security ( John Peacock 2004)
  9. Re: WebDNA security ( Donovan Brooke 2004)
  10. [OT] Security in general [Was] Re: WebDNA security ( Alan White 2004)
  11. Re: WebDNA security ( Alan White 2004)
  12. Re: WebDNA security ( John Peacock 2004)
  13. WebDNA security ( Patrick McCormick 2004)
Patrick McCormick
