cocoon-users mailing list archives

From Ulrich Mayring <u...@denic.de>
Subject Re: create-session attribute of xsp:page
Date Thu, 13 Jul 2000 11:50:15 GMT
Mark Washeim wrote:
> 
> If someone hacks into the machine the db is running on, it is very likely
> that they will soon find out what port the db accepts connections on, what
> the user names and passwords are (since they are often stored on the machine
> in property files) and, depending on how careful your dba is, you may even
> have default users and passwords kicking around. Not to mention the
> ubiquitous back doors....

Well, they can easily find the port on which the db accepts connections,
but they cannot log in, because - at least in our case - the
usernames/passwords are stored in the database itself and are encrypted.
It is an extra level of security and it is much easier making Sybase
secure than making Unix secure.

> I'm only mentioning to be cautious about assuming the safety of passwords
> stored in a database...

Yes, but that's what you have a db admin for. The human factor can be
the weakest link in the chain :)

> Which brings us back to pain in the ass reality. Namely, if you really take
> security seriously, you must use SSL.

Yes, but it's a major hassle, so I'd rather do the "easy" things first :)

Ulrich

-- 
Ulrich Mayring
DENIC eG, Systementwicklung
