DevShed has a nice web server security article that all web-interested people should check out. This article is again very high level and covers only the basics, but it is a start. Be aware of the basics; read the article.
mini rant mode == 1
Let's hope there are no pseudo-sysadmins around running public NIS or NFS, or using the MSSQL default admin password of 'sa' '' (let's hope no one uses MSSQL, that's another story), or using msql publicly, or allowing non-authorized DNS zone transfers (dumps), or using clear-text telnet or ftp with privileged accounts, etc., etc. It astounds me when I hear about these things; it does not take a security expert to recognize these issues. To me it is analogous to leaving the keys in your car or your front door open when you are not around: you just don't do it, it's dumb, it's not rocket surgery security. Yet it happens; you would be amazed by the number of default configurations and just plain no consideration for security that make systems vulnerable to attack. The aforementioned article uses some of these lame examples, and they are valid because they are real, but no public server should ever be exploited for these reasons (at least get hacked by a sophisticated attack, some clever subterfuge, rather than by stupidity).
mini rant mode == 0
Web Server Security: DevShed