Re: How to get an unix programmer started on web programming?
- From: Jerry Stuckle <jstucklex@xxxxxxxxxxxxx>
- Date: Thu, 01 Sep 2005 09:33:48 -0500
Andrew DeFaria wrote:
> Jerry Stuckle wrote:
>> Volker,
>> Don't allow access to your Oracle server through the web, especially if you have confidential data on it that's not needed by the web. If someone successfully hacks your system, they not only could have full access to the data in your Oracle databases, but they could damage them as well.
>> Rather, replicate only the data necessary to run your website to another database accessible by the web server (if you're happy with Oracle, that's fine). Then access that subset from the server.
>> And if your users update this data from the website (i.e. order entry has to decrement inventory count), don't just automatically replicate the changes back to your main database. Rather, have the web site code call a program running on the Oracle server (or another server behind your firewall). This program should (again) validate the information and then make the database changes.
> IMHO this is unnecessary paranoia. A well-written system will not allow a user to hack your system and access arbitrary bits of data in a database nor destroy a database. In any event, limiting such data to a subset and then engineering what needs to be done to keep things in sync is overkill. If the hacker hacks, he'll hack your subset database, and such a hack will probably be as painful.
Andrew,
You've obviously never worked with the (U.S.) Federal government or a large or medium-sized company. These groups have all kinds of data on their systems which could be ripe for hackers - social security numbers and other private information of personnel, for instance. If such data is hacked, it could lead to serious criminal and/or civil legal proceedings.
Even non-personnel data such as market research, sales figures and other things can be expensive to the company if leaked.
And ANY system can be hacked. Some are more secure than others, but ANY system is vulnerable. But the more roadblocks you put in front of a hacker, the better chance you have of catching him BEFORE he gets into the system.
You call it paranoia. My customers call it safety. And it isn't all that hard to implement.
-- 
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
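The two-tier arrangement Jerry describes above (a web-facing database holding only the subset the site needs, and a separate validating program behind the firewall that is the only thing allowed to change the master data) is easy to show in code. The following is an added example written for this page; it is not code from either poster or from the thread. It assumes a JSON request of the shape {"action", "sku", "qty"} from the web tier, an in-memory sqlite3 database standing in for the Oracle master, and made-up table, column and SKU names; only the names and the request format are assumptions, the pattern is the one the post describes.

```python
"""Added example: a back-end validating program for order-entry updates.

The web tier never gets a connection to the master database. It sends a small
request to apply_request(), which re-validates every field and only then runs a
single parameterised UPDATE. sqlite3 is a stand-in for the Oracle server; the
table, column and SKU names are constructed for the example.
"""
import json
import re
import sqlite3

# Only the operations the web tier may request. Anything else is refused before
# any SQL runs, however the request is phrased.
ALLOWED_ACTIONS = {"decrement_inventory"}
SKU_PATTERN = re.compile(r"^[A-Z0-9-]{1,20}$")
MAX_QTY_PER_ORDER = 100


def open_master_db() -> sqlite3.Connection:
    """Constructed stand-in for the master database behind the firewall.

    The unit_cost column is confidential and is never replicated to the web tier.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE inventory ("
        " sku TEXT PRIMARY KEY,"
        " qty INTEGER NOT NULL CHECK (qty >= 0),"
        " unit_cost REAL NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO inventory VALUES (?, ?, ?)",
        [("WIDGET-1", 10, 4.25), ("GADGET-7", 2, 17.80)],
    )
    conn.commit()
    return conn


def export_web_subset(conn: sqlite3.Connection) -> list:
    """Rows to replicate to the web-facing database: only the columns the site needs."""
    return conn.execute("SELECT sku, qty FROM inventory ORDER BY sku").fetchall()


def validate_request(req) -> tuple:
    """Re-validate a request from the web tier; return (action, sku, qty) or raise ValueError."""
    if not isinstance(req, dict) or set(req) != {"action", "sku", "qty"}:
        raise ValueError("unexpected request shape")
    action, sku, qty = req["action"], req["sku"], req["qty"]
    if action not in ALLOWED_ACTIONS:
        raise ValueError("action not permitted")
    if not isinstance(sku, str) or not SKU_PATTERN.match(sku):
        raise ValueError("bad sku")
    # bool is a subclass of int in Python, so exclude it explicitly; a negative or
    # non-integer qty would otherwise turn a decrement into something else.
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= MAX_QTY_PER_ORDER:
        raise ValueError("bad qty")
    return action, sku, qty


def apply_request(conn: sqlite3.Connection, raw: bytes) -> dict:
    """Entry point the web tier calls (a function here; a socket or queue in practice)."""
    try:
        req = json.loads(raw)
    except (ValueError, UnicodeDecodeError):
        return {"ok": False, "error": "malformed request"}
    try:
        _action, sku, qty = validate_request(req)
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    # One atomic statement: the stock check and the decrement cannot be split by a
    # concurrent order, and the CHECK constraint on qty is a second line of defence.
    with conn:
        cur = conn.execute(
            "UPDATE inventory SET qty = qty - ? WHERE sku = ? AND qty >= ?",
            (qty, sku, qty),
        )
        if cur.rowcount != 1:
            return {"ok": False, "error": "unknown sku or insufficient stock"}
        remaining = conn.execute(
            "SELECT qty FROM inventory WHERE sku = ?", (sku,)
        ).fetchone()[0]
    return {"ok": True, "sku": sku, "remaining": remaining}


if __name__ == "__main__":
    db = open_master_db()
    print(export_web_subset(db))
    for raw in (
        b'{"action": "decrement_inventory", "sku": "WIDGET-1", "qty": 3}',
        b'{"action": "decrement_inventory", "sku": "WIDGET-1", "qty": -3}',
        b'{"action": "drop_everything", "sku": "WIDGET-1", "qty": 1}',
        b'{"action": "decrement_inventory", "sku": "GADGET-7", "qty": 5}',
    ):
        print(apply_request(db, raw))
```

The point of the split is visible in what the validating program refuses: a negative quantity (which would silently add stock), an action outside the allowed set, a SKU that is really an SQL fragment, and an order larger than the stock on hand. Even if the web-facing copy were fully compromised, the attacker can only send these same narrow requests to the master, and the confidential unit_cost column is never exported to the web tier at all.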