Re: How to get an unix programmer started on web programming?



Andrew DeFaria wrote:
>
> Jerry Stuckle wrote:
>
> > Volker,
> >
> > Don't allow access to your Oracle server through the web, especially
> > if you have confidential data on it that's not needed by the web. If
> > someone successfully hacks your system, they not only could have full
> > access to the data in your Oracle databases, but they could damage
> > them as well.
> >
> > Rather, replicate only the data necessary to run your website to
> > another database accessible by the web server (if you're happy with
> > Oracle, that's fine). Then access that subset from the server.
> >
> > And if your users update this data from the website (i.e. order entry
> > has to decrement inventory count), don't just automatically replicate
> > the changes back to your main database. Rather, have the web site
> > code call a program running on the Oracle server (or another server
> > behind your firewall). This program should (again) validate the
> > information and then make the database changes.
>
> IMHO this is unnecessary paranoia. A well written system will not allow
> a user to hack your system and access arbitrary bits of data in a
> database nor destroy a database. In any event limiting such data to a
> subset and then engineering what needs to be done to keep things in sync
> is overkill. If the hacker hacks he'll hack your subset database and
> such a hack will probably be as painful.

Sorry Andrew, but that's a load of BS. Any non-trivial computer program
(including PHP scripts, of course) contains errors, which could
potentially be security hazards. Add to that (potentially even
undiscovered) bugs in the OS, the webserver, PHP itself, ... and the
only possible conclusion is, what every security expert has been
preaching for quite a lot of years: The only computer that is safe from
being hacked is a computer not connected to the net.

So what Jerry suggested is the only sensible thing to do and certainly not
overkill.

Bye!
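The arrangement Jerry describes above (a web-facing copy holding only the columns the site needs, with order entry passed to a separately validating program behind the firewall rather than replicated straight back), as an added example that is not part of the original thread. It uses Python with in-memory SQLite standing in for both the Oracle master and the web-side database; the table layout, rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data (not from the post): the master holds confidential
# columns (cost, supplier) that the website never needs to see.
MASTER_ROWS = [("A1", "Widget", 9.99, 4.10, "Acme Supply", 5),
               ("B2", "Gadget", 24.50, 11.00, "Globex", 0)]

def make_master():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT, price REAL,"
               " cost REAL, supplier TEXT, stock INTEGER)")
    db.executemany("INSERT INTO products VALUES (?,?,?,?,?,?)", MASTER_ROWS)
    db.commit()
    return db

def replicate_subset(master):
    """Build the web-facing database with only the columns the site needs."""
    web = sqlite3.connect(":memory:")
    web.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT,"
                " price REAL, stock INTEGER)")
    rows = master.execute("SELECT sku, name, price, stock FROM products").fetchall()
    web.executemany("INSERT INTO products VALUES (?,?,?,?)", rows)
    web.commit()
    return web

def web_place_order(web, sku, qty):
    """Web tier: only produce an order request; it never touches the master."""
    row = web.execute("SELECT stock FROM products WHERE sku=?", (sku,)).fetchone()
    if row is None or type(qty) is not int or qty <= 0 or qty > row[0]:
        return None
    return {"sku": sku, "qty": qty}

def apply_order(master, request):
    """Internal program behind the firewall: re-validate, then decrement stock."""
    if not isinstance(request, dict):
        return False
    sku, qty = request.get("sku"), request.get("qty")
    if not isinstance(sku, str) or type(qty) is not int or qty <= 0:
        return False
    # Atomic check-and-decrement, so a stale web copy cannot oversell the master.
    cur = master.execute("UPDATE products SET stock = stock - ? "
                         "WHERE sku = ? AND stock >= ?", (qty, sku, qty))
    master.commit()
    return cur.rowcount == 1

def stock(db, sku):
    row = db.execute("SELECT stock FROM products WHERE sku=?", (sku,)).fetchone()
    return None if row is None else row[0]

def columns(db):
    return [r[1] for r in db.execute("PRAGMA table_info(products)")]
```

After the internal program commits, the web copy is simply rebuilt from the master with `replicate_subset`, which is the direction of replication the post recommends.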