5.11 How do I make my web server act as a front-end for a database that lives on my private network?

The best way to do this is to allow very limited connectivity between your web server and your database server via a specific protocol that only supports the level of functionality you're going to use. Allowing raw SQL, or anything else where custom extractions could be performed by an attacker, isn't generally a good idea.

Assume that an attacker is going to be able to break into your web server and make queries in the same way that the web server can. Is there a mechanism for extracting sensitive information that the web server doesn't need, like credit card information? Can an attacker issue an SQL select and extract your entire proprietary database?

"E-commerce" applications, like everything else, are best designed with security in mind from the ground up, instead of having security "added" as an afterthought. Review your architecture critically, from the perspective of an attacker. Assume that the attacker knows everything about your architecture. Now ask yourself what needs to be done to steal your data, to make unauthorized changes, or to do anything else that you don't want done. You might find that you can significantly increase security without decreasing functionality by making a few design and implementation decisions. Some ideas for how to handle this:
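An added example of the narrow-protocol design described above (not part of the FAQ): the web tier may only name one of a few fixed operations with typed arguments, it never sends SQL text, and no listed operation touches the card table, so a compromised web server gains no way to read it. Python's sqlite3 stands in for the database server on the private network; the schema, operations and requests are constructed for illustration.

```python
import sqlite3

# Constructed schema: order data the web tier needs, and card data it must never read.
SCHEMA = """
CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT, status TEXT);
CREATE TABLE cards(order_id INTEGER, pan TEXT);
INSERT INTO orders VALUES (1,'alice','shipped'),(2,'bob','pending');
INSERT INTO cards VALUES (1,'4111111111111111'),(2,'5500000000000004');
"""

# The complete set of operations the web tier is allowed to request. Each maps a
# name to a fixed, parameterised statement: the caller picks WHICH query runs,
# never its text. Nothing here references the cards table.
OPERATIONS = {
    "order_status": ("SELECT status FROM orders WHERE id = ?", ("order_id",)),
    "mark_shipped": ("UPDATE orders SET status = 'shipped' WHERE id = ?", ("order_id",)),
}


class DbBroker:
    """Database-side service that speaks only the narrow request protocol."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)

    def handle(self, request):
        """request = {"op": name, "args": {param: value}}; returns (ok, payload)."""
        op = OPERATIONS.get(request.get("op"))
        if op is None:
            return False, "unknown operation"  # raw SQL or unlisted ops are refused
        sql, params = op
        args = request.get("args", {})
        if set(args) != set(params):
            return False, "bad parameters"
        try:
            values = [int(args[p]) for p in params]  # every parameter is an integer id
        except (TypeError, ValueError):
            return False, "bad parameters"  # non-numeric text never reaches the DB
        cur = self.conn.execute(sql, values)
        self.conn.commit()
        return True, cur.fetchall()


def demo():
    broker = DbBroker()
    legit = broker.handle({"op": "order_status", "args": {"order_id": 2}})
    # Requests a compromised web tier might send: arbitrary SQL as the operation
    # name, or a listed operation with non-numeric text as its id. Both are refused.
    dump = broker.handle({"op": "SELECT pan FROM cards", "args": {}})
    tampered = broker.handle({"op": "order_status", "args": {"order_id": "2 OR 1=1"}})
    return legit, dump, tampered
```

The same shape carries over to a real deployment: give the database-side service its own DB account holding only the privileges those fixed statements need, so even a bug in the broker cannot widen what the web tier can reach.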
Vesaria, LLC
© 2000 - 2012 Vesaria Network Security Specialists